‍

If you're client facing, you are probably going to contact a client via email at some point. Here are some top tips when emailing clients to ensure that you keep their data safe, and keep us compliant - Win : Win! 

‍

• If you're messaging a group of clients ensure that you either mail merge or bcc their email addresses. Remember if they didn't give you consent to share their email address, if you don't Blind Carbon Copy (BCC) it, all recipients in the email will be able to see everyone's email address, and might class as a breach.
  ‍
• Do not include any personal details in the body of the email– this includes names of other clients. Keep it short, simple and as generic as possible. Giving out personal data via email, even in an attachment can still be susceptible to being intercepted by unscrupulous people/hackers! 
  ‍
• Ensure that when it comes to adding clients into groups e.g.whatsapp, Teams, Facebook, etc clients opt in rather than opt out. This way it is deemed that they definatinley want to be apart of the group, as they opted in rather than us assuming that because the didn't opt out, this automatically means they want to be part of it.
  ‍
• Remember under the General Data Protection Regulations (GDPR), a client can submit a 'Subject Access Request' which in many cases, will mean that everything that is held on that client by us, will need to be shared with the client directly. This could include notes from sessions and emails sent directly to the client, but also about the client. Therefore, please ensure that emails contain the proper software protections - don't worry Espria take care of this for us in the most part, and their content only contains relevant, limited and factual information. A better option, use an NHS email account (if you have one) as there is a deeper level of encryption on these, and so are safer to use for transmitting client data.