Please click on one of the options below to take you to the information you need.

What is GDPR? An Overview

What do I need to do to be compliant?

Privacy notice template and help

Specific useful topics; Q&A

What other help can AoR Provide?

The AoR has provided a number of documents and templates to help AoR members – all of which can be accessed using the buttons above.

If you are looking for a specific topic, the index below may help you to locate the topic more easily:

1          Does GDPR affect me?

2          What information does the GDPR apply to?


What information I can keep, on what basis,  and how I can use it

3a        What Information Can I keep?

3b        Special category data

3c        GDPR requirements for Past Clients

3d        Lawful Basis for storing and processing information

3e        Do I ever need to obtain ‘Consent’ to Store and use Client Data? 

3f         Requirement to retain Client Information for a ‘Designated Period’

3g        Right to Erasure v the Requirement to retain Client Information for a ‘Designated Period’

3h        Retention and Erasure Policy

3i         Treating children

3j         Sharing clients’ personal information with other parties


What information I give to clients

4a        What Information do I have to Supply to my Clients?

4b        Providing Privacy information and obtaining a record that the client has been given the information


Your rights and how to deal with any client requests

5a        Your clients’ rights under GDPR

5b        Client requests to access the data you keep (Subject Access Requests)


ICO related

6          Help and resources from the Information Commissioner’s Office (ICO)

7          Registering with the Information Commissioner’s Office (ICO)


Internal process related

8a        Documenting your processes for GDPR

8b        Information Security

8c        Reporting a personal data breach


Miscellaneous topics

9          Differences between being self-employed and employed by someone else

10        Moving Abroad

11        Using Client Contact Details for Marketing Purposes


Further Guidance

The Information Commissioner’s Office (ICO) provides very detailed guidance on GDPR and DPA 2018 at:

Please note that the information and suggestions are only relevant to AoR members, as we have obtained agreement from the Information Commissioner’s Office (ICO) that AoR members may be treated as Healthcare Professionals – this simplifies and clarifies what our members can use as their lawful basis for holding and using sensitive client data. But this does not apply to all reflexologists which is why it is important that you do not share this information with a non-member.



Although the AoR takes all reasonable care to ensure that the information in this communication is accurate, we cannot guarantee that it is free from inaccuracies, errors or omissions. No information given by the AoR should be taken as legal advice, nor should it take the place of medical care or advice given by primary healthcare providers. As such, the AoR shall not be liable for any loss or damage whatsoever arising from any information contained in this communication.

Copyright 2018 Association of Reflexologists © COPYRIGHT RESERVED
This information may not be reproduced in whole or in part, without the prior written permission of the Association of Reflexologists.