Are You Compliant to Practice?

In this article we share a story about a Nutritional Therapist who reached out to us after a client filed a complaint with the ICO.

Thankfully this practitioner was fully covered, compliant, working within her scope of practice, and a member of the ANP. The practitioner has given permission to share her story in the hope that it will help others prevent a similar situation.

The practitioner (Nutritional Therapist) worked with a client who suspected they had heavy metal toxicity from the water supply into their home. After assessment of the client’s case the recommendation was to strengthen the immune system and support drainage pathways before starting a heavy metal detox.

The next day the client requested all records of the consultation to be removed from the practitioner’s database. The client also stated that they were not happy with the suggested recommendations or supplement suggestions, despite being advised during the consultation that if they don’t wish to take supplement’s the practitioner would be happy to support the client with diet and lifestyle change alone.  

Based on GDPR guidelines the practitioner advised the client that she could not remove the details as explained in the practitioner’s terms and conditions (that the client had signed) which states that all records are kept on file for 7 years.

After speaking with the ANP team and discussing the case, we advised the practitioner to speak with Balens due to the client reporting the case to the ICO.

Balens advised that the practitioner needed to keep the plan and documents for insurance reasons and to protect against a possible claim in the future. They also advised the practitioner to speak with a legal protection advisor, who advised that the client has a right to erasure, however this does not apply to special category data (data concerning health).

Please see below link to the Information Commissioners Office (ICO) website, where it pertains to Data Protection and a client’s Right to Erasure:

The ICO advised the practitioner to remove all personal data pertaining to the client if requested (including initialed data, which is also considered as personal data).

When the practitioner mentioned that she was concerned about a possible legal claim in the future, the ICO agreed, and advised the practitioner to keep minimal data/information necessary to protect against a potential legal claim.

Not only does this story serve as a great reminder to us all that not everyone is a right fit for our services; we need to be vigilant by exercising discernment and ensuring that we have the right policies and procedures in place.

Please visit the ANP members area to download to the following documents:

  • Data Protection Policy Template
  • Privacy Policy Template
  • Example terms of engagement form

If you are not registered with the ICO you can do so here:

If you need to check that you have the correct insurance cover in place to protect your practice, click here to claim your ANP discount code.

If you have a story or case study that you would like to share, please send an email to