Do You Need a Data Processing Agreement in Your Private Practice?
Resource - Copy and Paste my DPA
When you are fully booked with clients and life is busy, you arrive at a point where you start to think about getting some support in your business. It might be a VA to help with emails, a bookkeeper to take care of the finances, or someone to keep on top of scheduling and admin.
Recently I’ve been getting busier and found myself very behind with emails. Luckily, I’ve had an assistant (Claire) for a number of years. She’s focused on helping me run my course and Therapists Corner, but it was time I let her dive into my emails and help because I was soooo behind!! (Apologies if you’ve noticed a delay in me replying.)
Claire now helps me with emails, and because some of my clients get in touch that way, she may see names, contact details and other personal or sensitive information. To make sure we were doing things properly and following GDPR guidelines, we put a Data Processing Agreement (DPA) in place.
Copy and Paste my DPA below
What is a Data Processing Agreement?
A DPA is a contract required under UK GDPR whenever you share personal data with someone who is working on your behalf.
You are the Controller — you decide what information is collected and why (for example, scheduling sessions, sending invoices, or replying to enquiries).
The person helping you is the Processor — they follow your instructions and must never use the data for their own purposes.
The agreement makes it clear:
What kind of data can be accessed.
How it should be stored and secured.
What happens if there’s a data breach.
What should happen if the working relationship ends.
It’s essentially about protecting your clients, your practice, and the person helping you.
Read more about GDPR here.
When might you need one?
Any time someone else could see or handle client information, it’s worth having a DPA in place. For example:
A VA supporting with emails, scheduling, or invoicing.
A bookkeeper or accountant who has access to payment details.
A website manager who can see contact form submissions.
A clinical administrator who helps manage bookings.
If in doubt, put one in place. It’s a small step that shows you take confidentiality and data protection seriously.
Why it matters
Confidentiality is already at the heart of what we do. GDPR and the ICO rules are really just the legal framework that sits around that, helping to make sure we protect our clients’ information properly.
Take a moment…
If you’re starting to bring in support for your private practice, take a moment to think about data protection:
Do they need access to client information?
If yes, do you have a DPA in place?
And are you registered with the ICO?
Getting these foundations right makes your practice safer, keeps you GDPR compliant and lets you grow with confidence.
👉 Inside Therapists’ Corner, I’ve created a DPA template you can adapt for your own practice, so you don’t have to start from scratch. Access below