How does GDPR affect dentists?
Many high-street dentists and dental practices are actually in a good position to deal with the
requirements of the GDPR, as dentistry has been a heavily regulated profession and many practice owners already follow stringent data protection procedures and have robust policies in place.
However, there are some strengthened and new layers of compliance that will be required and you need to ensure that you have all the right structures and systems in place to ensure you are complying with the new regulations, which comes into force on 25 May 2018.
All aspects of GDPR are important and cannot be ignored. But we have been assured that, as long as you are working towards compliance, you will not be penalised if you have not yet got all your procedures and policies in place by the 25 May 2018.
What do you need to do?
We know there are significant steps high street dentists (both practice owners and associates) will need to take to ensure compliance with GDPR and our advice for members outlines the key areas:
BDA Extra and Expert members can contract to our team of business and legal advisers for help and support on compliance with the GDPR in dentistry, email email@example.com.
If you're not a member then
join to comply with confidence.
Do I need to outsource for a DPO?
We're hearing reports that some practices are being quoted £15000 to outsource the Data Protection Officer duties and responsibilities. We urge members to not be scared into signing these expensive contracts.
Appointing a DPO is a requirement for NHS practices. A DPO should be in place by 24 May 2018. But we do not believe that practices that do not have a DPO in place on 25 May 2018 are likely to face penalties, if they are taking steps to get a DPO in place as soon as possible.
First, the Data Protection Bill and the requirement for DPOs is a relatively recent burden.
Second the Government Department responsible for the Data Protection Bill has said to us “the department is confident that the Information Commissioner will be pragmatic, fair and proportionate in considering how primary healthcare providers implement the DPO role.”
However, we know that members are professionals who take regulatory requirements seriously and for those who are keen to begin the process, we have some training courses available.
It's worth stating for clarity that the DPO requirement does not extend to solely private practices.
What is the BDA doing on behalf of members?
We campaigned for
amendments to the Data Protection Bill, which would have exempted dentists from the needless and burdensome new requirement to appoint a DPO.
We lobbied the Government and MPs from across all parties on this issue and were pleased that a group of four cross-party MPs – Christine Jardine, Shadow Health Minister Julie Cooper, former Health Minister Norman Lamb and Alex Cunningham – co-sponsored an amendment which would have prevented this huge and needless burdens being placed on high-street providers.
Unfortunately, the Government rejected the amendment when the Bill was debated in Parliament on 9 May. However we will continue to lobby for this change to be made through regulations in due course.
The Data Protection Bill received Royal Assent on 24 May, and will come into force as the Data Protection Act 2018.
To keep up-to-date on the issue, read our blogs.