At Talking Counselling, we take your privacy and the security of your personal data very seriously. As part of our commitment to transparency and compliance, we adhere to the requirements of the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018.
The Information Commissioner’s Office (ICO) is the UK’s supervisory authority for GDPR and is responsible for promoting and enforcing data protection legislation. We work in line with ICO guidance to ensure that your personal data is always handled with care, confidentiality, and security.
Under GDPR, organisations must ensure that personal data is:
Processed securely using appropriate technical and organisational measures.
Protected by “Privacy by Design”, meaning security measures are built into systems from the outset and maintained throughout their lifecycle.
Managed based on risk, with controls appropriate to the type of data being processed and the risks involved.
GDPR does not specify exact cyber security controls but expects organisations to implement security measures that are proportionate, effective, and continually maintained.
In line with the National Cyber Security Centre (NCSC) and ICO guidance, Talking Counselling works towards four core security aims:
Manage Security Risk – We assess risks to personal data and take steps to reduce them.
Protect Against Cyber Attacks – We use layered security measures to defend against threats.
Detect Security Events – We monitor and identify unusual or malicious activity that may affect data.
Minimise the Impact – We have procedures in place to respond quickly and limit harm in the event of an incident.
If an incident occurs that involves (or is likely to involve) a personal data breach, GDPR requires us to:
Notify the ICO within 72 hours where the breach poses a risk to individuals.
Inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms.
We also take guidance from the NCSC and may report serious cyber incidents that could affect wider public trust, safety, or national security.
To support GDPR compliance, we align our approach with industry best practice, including:
Following the NCSC’s 10 Steps to Cyber Security
Guidance from the Small Business Cyber Security Guide
The Cyber Essentials Scheme for baseline protection
These frameworks help ensure your data is kept safe and handled responsibly.
Secure communication: Our website uses SSL encryption to protect data transferred between you and us.
Controlled access: Only authorised personnel have access to sensitive information.
Data minimisation: We only collect and retain information necessary for providing our services.
Ongoing monitoring: We keep our systems updated and continuously review cyber risks.
If you have any questions about how we handle your data, or if you believe your personal data has been compromised, please contact us immediately: info@talkingcounselling.co.uk
For further information about GDPR, you may visit the ICO website: https://ico.org.uk.
Copyright © 2025 Talking Counselling