top of page



The Data Protection Act 2018 (DPA 2018), and the General Data Protection Regulation (GDPR) as it applies in the UK.  GDPR is a complex area that requires careful consideration by counsellors, supervisors and managers.  Within Agencies the Act has particular implications for information storage and retrieval and for the management of confidentiality.

Data Protection legislation requires counsellors to adopt transparent forms of record keeping which are consistent with the fundamental rights of citizens to know and, wherever appropriate, to have substantial access to such records. 

Data must respect the client’s rights, especially ‘sensitive personal data’ such as the client’s race, religious beliefs, union membership, mental and physical health and sexual history. A counsellor’s records are classified as ‘sensitive personal data’.

Supervision notes may be exempt from the client’s right of access, where the client is not identifiable. Process notes are best kept simply as short life notes that are routinely destroyed after use as prompts in supervision. client records/notes will be retained for a period of 3 years, in line with the BACP’/ NCSs use of therapeutic records in responding to a complaint against a therapist or agency. After this 3 year period all notes will be safely destroyed by Auris Counselling.

bottom of page