Internet Explorer and Edge browser users:
To download Word, Excel or PowerPoint files please right-click on the file you wish to download, and select 'Save target as...'

General Data Protection Regulation (GDPR) and dentistry

The General Data Protection Regulation 2018 (GDPR) aims to make organisations more accountable in the way they collect, store and use data, and how decisions are made, as well as ensuring transparency. We focus on how GDPR affects dentistry and dentists.

How does GDPR affect dentists?

Many high-street dentists and dental practices are actually in a good position to deal with the requirements of the GDPR, as dentistry has been a heavily regulated profession and many practice owners already follow stringent data protection procedures and have robust policies in place.

However, there are some strengthened and new layers of compliance that will be required and you need to ensure that you have all the right structures and systems in place to ensure you are complying with the new regulations, which comes into force on 25 May 2018.


All aspects of GDPR are important and cannot be ignored. But we have been assured that, as long as you are working towards compliance, you will not be penalised if you have not yet got all your procedures and policies in place by the 25 May 2018.


What do you need to do?

We know there are significant steps high street dentists (both practice owners and associates) will need to take to ensure compliance with GDPR and our advice for members outlines the key areas:



O​ur FAQs and advice on how the GDPR will affect your data protection responsibilities 


​Our Expert members' templates and data audit to comply with confidence


Take our CPD module on the GDPR to get a basic understanding


Book an event for NHS practices: How to be an effective Data Protection Officer - the next available date is 18 January 2019 (our course on 31 July is now fully booked, but you can apply to go on the waiting list).



Our blogs on data protection and compliance issues



See the ICO's website for useful tools and support


​Be panicked into paying extortionate amounts for external providers – dental practices really don’t need this


BDA Extra and Expert members can contract to our team of business and legal advisers for help and support on compliance with the GDPR in dentistry, email


If you're not a member then join to comply with confidence.

Do I need to outsource for a DPO?

We're hearing reports that some practices are being quoted £15000 to outsource the Data Protection Officer duties and responsibilities. We urge members to not be scared into signing these expensive contracts.


Appointing a DPO is a requirement for NHS practices. A DPO should be in place by 24 May 2018. But we do not believe that practices that do not have a DPO in place on 25 May 2018 are likely to face penalties, if they are taking steps to get a DPO in place as soon as possible.


First, the Data Protection Bill and the requirement for DPOs is a relatively recent burden. 


Second the Government Department responsible for the Data Protection Bill has said to us “the department is confident that the Information Commissioner will be pragmatic, fair and proportionate in considering how primary healthcare providers implement the DPO role.”


However, we know that members are professionals who take regulatory requirements seriously and for those who are keen to begin the process, we have some training courses available.


It's worth stating for clarity that the DPO requirement does not extend to solely private practices. 

What is the BDA doing on behalf of members?

We campaigned for amendments to the Data Protection Bill, which would have exempted dentists from the needless and burdensome new requirement to appoint a DPO. 


We lobbied the Government and MPs from across all parties on this issue and were pleased that a group of four cross-party MPs – Christine Jardine, Shadow Health Minister Julie Cooper, former Health Minister Norman Lamb and Alex Cunningham – co-sponsored an amendment which would have prevented this huge and needless burdens being placed on high-street providers.


Unfortunately, the Government rejected the amendment when the Bill was debated in Parliament on 9 May. However we will continue to lobby for this change to be made through regulations in due course.


The Data Protection Bill received Royal Assent on 24 May, and will come into force as the Data Protection Act 2018.


To keep up-to-date on the issue, read our blogs.

​Working for you

We will continue to campaign for better regulation. If you'd like to be kept up to date with our progress:

Through our policy and campaigning work, we ensure that the concerns of all sections of the profession are raised and that dentists' voices are heard at a national level: join us.