Therapeutic Art Sessions
Providing access & support for individuals in East Dunbartonshire
In light of the new General Data Protection Regulation Legislation, which comes into force on the 25th May 2018, EDICT has created a data processing impact assessment. If you have any questions relating to the data we hold or the use we make of it please do not hesitate to contact us.
A full copy of our assessment is included below and can be downloaded should you wish to retain a copy.
You can also download our data protection policy
Data Processing Impact Assessment
EDICT collects and processes the following data for all participants referred to the service.
• Telephone numbers
• Health Condition
• Carer/parent/guardian contact
• Other services attended
• Referrer details
This is the only information we maintain on our database. Any discussions, disclosures or work created within EDICT are protected by our confidentiality policy and they will remain as a record between the participant and the staff member they receive a service from.
We are though compelled by legislation relating to possible harm to vulnerable individuals. Our policy on this can be viewed upon request.
EDICT collects this data so that:-
• We can identify appropriate referrals
• Make contact with referred individuals
• Maintain correspondence with participants
• Contact parent/carer/guardians where appropriate
• Create monitoring reports for stakeholder funding agencies eg Community Health Partnership
• Contact participants and/or parents/carers/guardians for annual evaluation
• Contact referring agents
Risks to individuals
The sensitive nature of the personal data held by EDICT creates a risk, should it be accessed by individuals not employed by EDICT and with permission to access the data. Only employees of EDICT with express permissions, as part of their contract of employment, can view your data. As our data includes personal details and that belonging to vulnerable individuals it would create a risk to their wellbeing if processed incorrectly. Our confidentiality policy is available to view if you would like two review the policy.
We will seek a procedure to ensure data shared with partner agencies is treated in line with the GDPR compliance measures.
EDICT uses an online referral form. The data sent to us using this method meets the criteria of safe use.
• Data held by EDICT will only be accessed by staff members for the purposes of running the therapeutic service.
• The PC which stores the database is password protected.
• The online cloud backup is encrypted.
• Data will only be shared with stakeholder partners as a means of ensuring the wellbeing of participants and in line with our obligations in terms of Vulnerable participants.
• Staff will receive a briefing on the correct use of data.
• The procedures will be reviewed annually.
Please click to download a PDF copy of our data impact assessment
Please click to download our data protection policy document