Edge browser users:
To download Word, Excel or PowerPoint files please right-click on the file you wish to download, and select 'Save link as...'


The Data Protection Act 1998 established a framework of rights and duties to safeguard personal information and balance the legitimate needs of organisations to collect and use personal information against the rights of individuals to have the privacy of their personal details respected.

Much has changed since 1998. We now give a lot of information about ourselves to a lot of organisations, usually willingly but frequently unknowingly. Quite often we don’t know what happens to this information, how it is used and how decisions about us are made. The General Data Protection Regulation 2018  (GDPR)  makes organisations more accountable in the way that they collect, use, store and dispose of personal information and gives individuals more control over information about them that they pass onto others.

Most of what you do stays the same, but some aspects need you to do more - for example: 

  • Audit your data to identify what you hold and why

  • Nominate or appoint a data protection officer if you're an NHS provider

  • Provide privacy notices to comply with the new law.

Our advice explains how you can comply - and the Expert templates help you to implement the changes. Don't be frightened into paying for expensive services you might not need.


Data Security and Protection Toolkit (DSPT) - Guide to completing 

GDPR explained

Protecting personal information

Expert templates

(Available to Expert members - Please log in or contact us on 020 7563 4550 to discuss your upgrade options or to join)

Access to information held by the practice

Audit - GDPR information
Audit - GDPR access to information

Confidentiality policy

Data security policy - practice
Data protection processor agreement
Data protection processor agreement - associates
Data protection processor agreement - notes for use  
Data protection privacy notice - associates
Data protection privacy notice - employees

Data protection privacy notice - patients
Information asset register

New patient - welcome letter
Records management policy

Advice video

An overview of GDPR for dentists


Become an effective data protection officer

GDPR places greater obligations on how organisations handle personal data, including the need for many organisations to appoint a Data Protection Officer. 

NB not suitable for practice owners. 

One-to-one advice

Extra and Expert members have access to unlimited one-to-one advice via phone or email from our experienced advisors. Contact our Practice support team on 020 7563 4574 or email: advice.enquiries@bda.org.


We may record telephone conversations that are advisory in nature to offer you additional security, resolve complaints and improve our service standards. Conversations may also be monitored for staff training purposes. You will be alerted to this when you call.