We are aware that members are receiving emails from the Data Protection Officers Association (DPOA) claiming they are “among the thousands of dentists in the UK who have not actually appointed and registered a Data Protection Officer, thus not filling out the NHS Data Security and Protection Toolkit correctly”.
The email also suggests that practices may be in breach of their NHS contract and could face fines from the Information Commissioner’s Office (ICO) if they do not appoint a data protection officer (DPO).
The information contained in these emails is inaccurate. There is no such status as an ICO-registered DPO. We have raised this issue directly with the company concerned.
We have also contacted the ICO. The regulator is aware of the misinformation and has received a high volume of related enquiries.
The correct position is that most independent dental practices are not legally required to appoint a DPO. Instead, as data controllers, practices are responsible for paying the ICO data protection fee where applicable and for complying with their data protection obligations. Practices can verify their requirements directly though the ICO website.
Members can use our template guide to completing the NHS Data Security and Protection Toolkit for accurate information on the latest DSPT requirements. Our NHS and business advice team are available to provide further support to members.
