We are not able to provide definitive advice which you would need to seek from the ICO as every situation is different.
This is a fast changing area of legislation. General Data Protection Regulation (GDPR) is now well embedded with many consequences for the counselling profession concernbing the privacy of clients and their data. In addition the Electronic and Privacy Regulations will replace PECCA this year and create further headaches for us in the counselling professions.
As a result we have revised our previous advice that registering for a Data Protection Registration Number (DPRN) which recommended completing the ICO’s (Information Commissioner’s Office) self-assessment to determine if your personal circumstances necessitate your registering.
Following the most recent advice given by the BACP Good Practice in Action 047 - Fact Sheet - Working online in the counselling professions, article 7, "Legal requirements for working in the UK and Europe" we now join BACP in recommending everyone signs up for a DPRN with the ICO:
“Anyone working online for any aspect of their work needs to take account of the relevant law concerning data protection. The General Data
Protection Regulation and the Data Protection Act 2018 set out the legal requirements for anyone who processes data about people in the UK.
The legislation aims to protect the privacy of people and to ensure that people, about whom information has been collected, can check the
accuracy of that information. The main implications for the counselling professions include:
- an obligation to register with the Information Commissioner’s Office
– see https://ico.org.uk/for-organisations/data-protection-fee/selfassessment/” (BACP, 2019). (Please note this is only an extract and article 7 should be read in its entirety).
Data Protection Act: https://ico.org.uk/for-organisations/guide-to-data-protection/