GDPR and dentistry
General Data Protection Regulation (GDPR) is presented as a radical shake up of the law on how you deal with patient records but, in practical terms, dentists hopefully will find it is more straightforward.
Presuming you are already looking after your records carefully and maintaining patient confidentiality, the GDPR generally just means you have to be more rigorous in being able to show that you are being careful.
The principles that you have to comply with are more-or-less the same. There are a few slight differences, but they do not make any difference to the care that you need to take to ensure that personal data remains confidential.
The law applies to all personal data that you hold, including staff and associates as well as patients. You can only use the information in the records that you take in certain specific circumstances – these do cover all the legitimate uses that you would have for patient records and staff records but you need to be clear about these.
Known as your lawful basis for processing data you will need to identify a reason (or reasons) for your general record keeping and a special reason for handling sensitive data, which would be the clinical records that you take.
I've outlined more information about the lawful basis for processing data, as well as your obligations as to privacy notices, confidentiality and accountability and the requirements with regards to having a data protection officer, in the full version of my article in the BDJIP March edition, pp14-15.
Steps to compliance - GDPR and dental practices
Much of what you need to do to comply with the GDPR, you will be doing already but you may need to take steps to ensure that you can prove this if asked by the Information Comissioner's Office – so assess what personal information you have about patients and team members, how you get it, how you use it, who handles it, how you store it.
Some things to do:
short video on Dentistry: getting GDPR ready
Give out privacy notices to patients and team members
Check your systems for keeping data secure and ensure you have robust contracts in place with IT providers and other appropriate suppliers
Engage a Data Protection Officer (DPO)
Comprehensive coverage of the legal obligations for dentists are available in our
members advice section.
BDJ in Practice Editor
Working for you
We will continue to campaign for fair and
proportionate regulation for dentistry. If you'd like to be kept up to date with our progress:
- Please ensure you membership details are up to date via
- Ensure you tick the box in
MyBDA to subscribe to our regular e-newsletters.
- Follow our Twitter feed
Through our policy and campaigning work, we ensure that the concerns of all sections of the profession are raised and that dentists' voices are heard at a national level:
BDJ in Practice magazine
BDJ In Practice magazine is part of the BDJ portfolio, and is posted out to BDA members monthly, covering the latest issues, trends and information relevant to practising in dentistry today.