Internet Explorer and Edge browser users:
To download Word, Excel or PowerPoint files please right-click on the file you wish to download, and select 'Save target as...'

New rules on data protection affecting dentistry

Blog Author Ayesha Khan

Blog Date 24/01/2018

The need to protect data: a potted history

The digital revolution in the 1970s gave birth to the Information Age in which we all live, work and play. From the early days of this era, there has been international recognition and regulation of the new ways huge amounts of information about individuals can be collected, stored, used and misused. The General Data Protection Regulation – GDPR – is the rule-book for the next generation of data users.
In 1984, the UK got its first Data Protection Act – then a relatively obscure piece of legislation governing automated processing of individuals’ data. It introduced registration requirements for those who used other peoples’ data, the right of individuals to access information about themselves, and financial penalties for unauthorised use, destruction and loss of data.  

As our relationship with information evolved so did the laws regulating it. The Data Protection Act 1998 modernised the law and now puts information management at the heart of business’ management structures.  

The 1998 Act, like its predecessor, speaks in terms of principles that data controllers – including the majority of dentists in general dental practice – must comply with. 

The first principle is that personal data must be processed fairly and lawfully. Certain types of data, including information about individuals’ physical or mental health or conditions, are classed as “sensitive”. 
The Act states personal data can only be processed if certain limited conditions are met.  

Now, the UK Government is working on a new Data Protection Bill. This will build on the 1998 Act – using the same language of principles to follow and conditions to meet. And although we do not yet know exactly what the Data Protection Act 2018 will look like, we know that it must follow the rules laid down in the GDPR. 

What do dentists need to do?

The GDPR will add some new considerations to protecting your patients’ and employees’ data, and you should start thinking about this now.

We’ve produced advice for BDA members, to introduce you to the new legislation and help you prepare for it.