Privacy Policies (GDPR) 


For anyone working with clients in the United Kingdom and the European Union, a GDPR Privacy Notice will describe how you collect, store and process data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), UK GDPR and Data Protection Act 2018. Lawyer reviewed March 2021.

Even though GDPR can seem confusing (and even terrifying for some of us!), this document pack will save oodles of time poring over ICO pages. With a healthy respect for data protection policies, we have done as much of the heavy lifting as possible, through trainings, research and legal advice so that you can just tweak a few highlighted areas and get on with providing therapy.


This Privacy Policy pack covers your GDPR documentation needs if you are:

➤A therapist based in the United Kingdom or European Union

➤A therapist working with clients in the United Kingdom or European Union

This is relevant whether you or your Client is relocating permanently, temporarily, visiting on holiday, travelling for work or any number of other reasons.


  • Privacy Notice for Clients [GDPR]
  • Record of Data Processing Activities
  • Retention Schedule
  • Data and Cyber Security Policy
  • Policies for Multiple Employees
  • Email Footer


  1. The Privacy Notice for Clients is client-facing and can be included in your Welcome Pack or sent individually for electronic signature. It explains to clients how their data is collected, processed and stored. We have provided examples to save you time and take the stress out of GDPR.
  2. Record of Data Processing Activities explains to you and any staff within your organisation what your data protection responsibilities are and is an internal policy procedure.
  3. Data and Cyber Security Policy explains what data protection and cyber security responsibilities are for you and any employees or contractors. It serves as an internal policy procedure.
  4. The retention schedule is an internal document setting out how long data is stored for and on which legal basis.
  5. The email footer is a disclaimer that goes at the end of your emails after your signature to demonstrate the need for privacy.
  6. Policies for Multiple Employees applies for anyone operating a group practice or working with employees or independent contractors such as a virtual assistant. [ADDITIONAL POLICY INCLUDED JUST IN CASE]


Following Brexit, we undertook a review and update process with lawyers in January 2021 and March 2021.


This document is

  • a massive timesaver!
  • GDPR Privacy Policy for Clients
  • updated by lawyers March 2021
  • updated format and guidance notes by Tamara Howell August 2021
  • It is your responsibility to check for updates in privacy regulations.

This document is not

  • is not a website privacy policy
  • is not a training or course
  • is not complicated to complete
  • does not include future updates  

You may also like…