Internet Explorer and Edge browser users:
To download Word, Excel or PowerPoint files please right-click on the file you wish to download, and select 'Save target as...'

GDPR: what does it mean for dentists?

Blog Author David Westgarth

Blog Date 21/03/2018

GDPR and dentistry

​The General Data Protection Regulation (GDPR) is presented as a radical shake up of the law on how you deal with patient records but, in practical terms, dentists hopefully will find it is more straightforward.

Presuming you are already looking after your records carefully and maintaining patient confidentiality, the GDPR generally just means you have to be more rigorous in being able to show that you are being careful.

The principles that you have to comply with are more-or-less the same. There are a few slight differences, but they do not make any difference to the care that you need to take to ensure that personal data remains confidential.

The law applies to all personal data that you hold, including staff and associates as well as patients. You can only use the information in the records that you take in certain specific circumstances – these do cover all the legitimate uses that you would have for patient records and staff records but you need to be clear about these.

Known as your lawful basis for processing data you will need to identify a reason (or reasons) for your general record keeping and a special reason for handling sensitive data, which would be the clinical records that you take.

I've outlined more information about the lawful basis for processing data, as well as your obligations as to privacy notices, confidentiality and accountability and the requirements with regards to having a data protection officer, in the full version of my article in the BDJIP March edition, pp14-15.


Steps to compliance - GDPR and dental practices

Much of what you need to do to comply with the GDPR, you will be doing already but you may need to take steps to ensure that you can prove this if asked by the Information Comissioner's Office  – so assess what personal information you have about patients and team members, how you get it, how you use it, who handles it, how you store it.


Some things to do:

  • Watch our short video on Dentistry: getting GDPR ready

  • Give out privacy notices to patients and team members

  • Check your systems for keeping data secure and ensure you have robust contracts in place with IT providers and other appropriate suppliers

  • Engage a Data Protection Officer (DPO)

Comprehensive coverage of the legal obligations for dentists are available in our members advice section
David Westgarth

BDJ in Practice Editor


Working for you

We will continue to campaign for fair and proportionate regulation for dentistry. If you'd like to be kept up to date with our progress:


  • Please ensure you membership details are up to date via MyBDA 
  • Ensure you tick the box in MyBDA to subscribe to our regular e-newsletters. 
  • Follow our Twitter feed @theBDA

Through our policy and campaigning work, we ensure that the concerns of all sections of the profession are raised and that dentists' voices are heard at a national level: join us.

BDJ in Practice magazine

BDJ In Practice magazine is part of the BDJ portfolio, and is posted out to BDA members monthly, covering the latest issues, trends and information relevant to practising in dentistry today.