Toolkit Yorkshire Psychotherapy

Welcome to the Private Practice Document Toolkit shop!

A comprehensive toolkit of GDPR required documents and exercises to help guide and support you in private practice to be fully GDPR compliant.

Included in the toolkit are some additional documents that we feel will help you in delivering your services to your clients. Whether you work on your own or have a team of associates or staff, the toolkit will provide all you need to protect and steer your business, bringing peace of mind and guidance along the way.

The pack is aimed at UK businesses that operate with clients in the UK or EU.

The Customisable policies, procedures and forms can be purchased in the following ways:

OPTION ONE - full toolkit

The full private practice document toolkit. This is a comprehensive toolkit of GDPR required documents and exercises to help guide and support you in private practice to be fully GDPR compliant.

Included in the toolkit are some additional documents that we feel will help you in delivering your services to your clients. Whether you work on your own or have a team of associates or staff, the toolkit will provide all you need to protect and steer your business, bringing peace of mind and guidance along the way. Includes all of the documents, forms and registers listed below in OPTION 3.

The pack is aimed at UK businesses that operate with clients in the UK or EU.

Purchase now for £650

OPTION TWO - All GDPR Documents

All GDPR related documents, including:

Employee Privacy Notice, Subject Access Request Procedure, Data Subject Access Request Form (adult), Data Subject Access Request Form (child), Data Processors Register, Data Processing Agreement (UK and EEA Processors), Data Processing Agreement (Non-UK/EEA Processors), Information Security Policy, Data Protection Policy, Data Retention Policy, Information Classification and Handling Policy, IT Acceptable Usage Policy, Access Control Policy, Password Policy, Clear Desk and Screen Policy, CCTV Policy, Mobile and Remote Working Policy, Social Media Policy,Website Privacy Policy, Website Terms of Use, GDPR Compliance Statement, Data Breach Notification Procedure, Complaints Procedure.

The pack is aimed at UK businesses that operate with clients in the UK or EU.

Purchase now for £500

OPTION THREE - Individual policies and procedures

Individual policies and procedures with associated forms and registers.

Purchase now for £30 each

1. Data Inventory and Impact Assessment Register

This register is to log all personal data that flows through the business and allows you to perform a data protection impact assessment to identify the actions required to reduce any risk to data subjects.

2. Data Processors Register

This register is to log all suppliers/providers that process personal data on your behalf (processor) and to identify the appropriate data processing agreements that are required, this is dependent upon where they process the data (within the UK/EEa or elsewhere.

Supporting documents:
– Data Processing Agreement (UK and EEA Processors)
– Data Processing Agreement (Non-UK/EEA Processors)

3. Access Control Policy

This policy explains how access to information and business assets is managed including physical and technical access.

4. CCTV Policy

This policy explains how the use of surveillance and CCTV systems are managed and regulated, this includes video doorbells such as Google, Ring and Verisure.

5. Clear Desk and Screen Policy

This policy explains how information is protected when using screens and physical paperwork.

6. Complaints Procedure

To explain the procedure for handling and processing complaints.

7. COVID-19 Risk Assessment

A template for COVID-19 Risk Assessment for you to share with clients and employees/associates

8. Data Breach Notification Procedure

This procedure explains how personal data breaches will be handled and notification to the ICO if required.

9. Data Protection Policy

This policy explains how business is conducted to comply with the Data Protection Act 2018 and the EU and UK General Data Protection Regulations.

10. Data Retention Policy

The policy explains the retention periods of information stored within the business, including business related information and personal identifiable information.

11. Equality and Diversity Policy

This policy explains how equal opportunities are adopted in all aspects of employment and client services/contact, in accordance with The Equality Act, 2010.

12. Information Classification and Handling Policy

This policy explains how information is classified/categorised and how it should be handled.

13. Information Security Policy

The policy explains the aims and objectives of the business in maintaining the security of information.

14. IT Acceptable Usage Policy

This policy explains how IT equipment, systems and resources should be used when accessing company information.

15. Lone Working Policy

This policy explains how lone working is managed.

Supporting document:
– Lone Working Risk Assessment

16. Mobile and Remote Working Policy

This policy explains how the security of information is maintained when working in mobile and remote situations.

17. Password Policy

This policy explains how information and resources are adequately password protected.

18. Safeguarding Policy

This policy explains how we implement safeguarding for children, young people, and Adults at risk with whom they come into contact in the course of their work.

19. Social Media Policy

This policy explains how social media relating to the business, using either work or personal accounts should be handled.

20. Subject Access Request Procedure

To explain the procedure for dealing with subject access requests and the timescales for both adults and children.

Supporting documents:
– Data Subject Access Request Form (adult)
– Data Subject Access Request Form (child)

21. SLA (Service Level Agreement) Template

This template can be used when agreeing to provide services for external companies. It outlines the services you will provide and stipulates your contractual terms.

22. Client Agreement Templates

This template can be used when agreeing to provide services for clients. It outlines the services you will provide and stipulates your contractual terms.

Supporting documents:
– Client Agreement (self-funded)
– Client Agreement (insurance)

23. Employee Privacy Notice

This template is required by GDPR to inform any employees or associates of how you will handle their personal data.  This can be used to issue to employees or associates as a separate document or as an addendum to their current contract or agreements or use this to incorporate into your contract or agreement documents.

24. Website Privacy Policy

This template is for adding to your website to explain to all site users and clients how their personal data will be handled in line with data protection requirements.

25. Website Terms of Use

This template is for adding to your website to explain to all site users the terms governing the use of your website.

26. GDPR Compliance Statement

This template is a high-level statement outlining how your company is GDPR compliant based on best practice requirements for data protection.

Scroll to Top