Getting ready for GDPR: A Basic Guide to a Data Audit for the Self-employed Psychologist and Coach

GDPR Compliance

As you know GDPR (General Data Protection Regulation) is coming into force from 25 May 2018 but have you made steps towards becoming compliant? If you are self-employed, you are both the Data Controller and Data Processor and are responsible for the information held by your business and ensuring compliance.

As a Psychologist and / or Coach you will access and store a lot of personal data over the course of your work. If you are feeling overwhelmed with where to start, begin by undertaking a data audit of your files and records.

The aim of carrying out a data audit is to identify areas where your current processes are not compliant with GDPR so you can take action – you may be surprised at just how much personal data you have stored and processed!

Undertaking a Data Audit

You will need to review the data on all your databases, files and folders, email lists, spreadsheets, paper documents and other lists of personal data. This includes data on servers, external hard drives, data stored on USB drives, information saved on your smartphone, etc.

The audit will make you think about:

• The kind of data you collect and store
  
• Why you are collecting the data and what you will do with it
  
• How long you retain the data
  
• Who has access to the data both inside and outside of your business
  
• What security procedures you have in place to keep your data safe
  

1. Create a spreadsheet using the headings in the image below as your guide. It might be that you need to add further columns that are relevant to your specific processes.
   
2. Review the data you hold and begin populating the fields. Examples are provided below for illustration purposes.
   
3. Where you notice a problem, mark it in red and then enter a note of what remedy you need to take in the 'Action Required' column.
   
4. Once your spreadsheet is complete, begin a plan to tackle the ‘Action Required’ column and begin to implement. Each action you complete will bring you closer to being GDPR compliant!
   

This is a simple guide to start you off with your data audit.Please note that ExecutiveVA are not legal experts. Don’t be afraid to ask a GDPR expert to help you with your audit and compliance checks, if you have questions or for general guidance on the changes. For more information about the regulations, please refer to the ICO’s website:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

M: 07511 534051

E: leyla@executiveva.co.uk