Internet Explorer and Edge browser users:
To download Word, Excel or PowerPoint files please right-click on the file you wish to download, and select 'Save target as...'

GDPR and dentistry update: New Data Protection Bill becomes law

24 May 2018

The Data Protection Bill received Royal Assent last night, and will come into force as the Data Protection Act 2018.

The Act covers the requirements set out in the General Data Protection Regulation (GDPR), and is just in time for the 25 May, when the GDPR becomes enforceable across the European Union.

We campaigned for amendments to the Bill, calling for dentists to be exempted from the need to appoint a Data Protection Officer (DPO), and got cross-party MPs' support, but the Government rejected this on 9 May.

However, we will continue to lobby for this change to be made through regulations, in due course.


What do dentists need to do?

There are significant steps high street dentists (both practice owners and associates) need to take to ensure compliance with GDPR and our advice for members outlines the key areas for dentists.

For BDA members, we have a tailored FAQ document, helping to explain your responsibilities under this new legislation, and the steps you need to take.

We're advising dentists not to be frightened into paying for expensive services that they do not need – BDA Extra and Expert members can get access to our one-to-one advice: email  

Although the regulations come into force tomorrow (25 May), we are advising dentists not to panic.


The three things that are most important are:

  1. Keeping patient (and staff) information secure. This has not changed. Dental practices are very good at keeping information secure. The GDC requires it.
  2. Adhere to the Data Protection Principles. These principles are largely unchanged from the old Data Protection Act. Most practices will already be complying with them.
  3. Be transparent about what information you have and what you are doing with it. This is covered in the privacy notices.

All aspects of GDPR are important and cannot be ignored. But we have been assured that, as long as you are working towards compliance, you will not be penalised if you have not yet got all your procedures and policies in place.


We have been assured that the Information Commissioner's Office is looking to support people comply, rather than punish them, at this stage.


Working for you

We will continue to campaign for better regulation for dentistry. If you'd like to be kept up to date with our progress:


Through our policy and campaigning work, we ensure that the concerns of all sections of the profession are raised and that dentists' voices are heard at a national level: join us.