GDPR a psychoterapie: Jak chrání vaše soukromí terapeutické sezení

When you sit down for therapy, you’re not just sharing your thoughts—you’re trusting someone with deeply personal data. That’s why GDPR, the EU’s strict data protection law that gives you control over your personal information. Also known as Obecné nařízení o ochraně osobních údajů, it ensures that your therapist can’t share your name, history, or even session notes without your clear permission. This isn’t just bureaucracy—it’s your right to feel safe while being vulnerable.

Think about it: your therapist keeps records. Not just scribbles, but detailed notes on your mood, trauma, family dynamics, even your phone number. Under GDPR, the EU’s strict data protection law that gives you control over your personal information, they must store these securely, delete them after seven years (unless you agree otherwise), and let you see them anytime. They can’t email your file to a colleague without your written consent. Even your payment details are protected—you should never get a receipt with your diagnosis on it.

And what about online sessions? end-to-end encryption, a security system that only you and your therapist can access the conversation is mandatory. If your therapist uses a platform like Zoom or Google Meet without it, they’re breaking the law. Same goes for cloud storage—your files can’t live on a regular Dropbox account. They need certified, encrypted systems designed for healthcare data.

You also have the right to ask: "Why are you keeping this?" If a therapist holds onto old notes "just in case," that’s not enough. GDPR demands a clear, lawful reason for every piece of data. Did they collect your childhood trauma history to guide treatment? Fine. Did they save your favorite movie because they thought it was cute? That’s a violation.

Many people don’t realize they can request a copy of their entire file—or even demand it be deleted. You don’t need a lawyer. Just send a simple email. And if they refuse? You can report them to the Czech Office for Personal Data Protection. Most clinics don’t know this, but they’re required to respond within 30 days.

GDPR doesn’t just protect you—it protects the therapist too. It sets clear boundaries. No more random calls from your ex’s cousin asking, "Is my partner in therapy?" No more accidental leaks during staff meetings. It turns therapy into a private, respectful space, not a data mine.

What you’ll find in the articles below are real, practical guides on how therapy works under these rules. From how to check if your therapist follows GDPR, to what happens if you change your mind about sharing data, to how online platforms stay compliant—you’ll see exactly how your rights shape every session. No jargon. No fluff. Just what matters: your privacy, your control, your peace of mind.