Internet Explorer and Edge browser users:
To download Word, Excel or PowerPoint files please right-click on the file you wish to download, and select 'Save target as...'


The Data Protection Act 1998 established a framework of rights and duties to safeguard personal information and balance the legitimate needs of organisations to collect and  use personal information  again the right  of individuals to have the privacy of their personal details respected.

Much has changed since 1998. We now give a lot of information about ourselves to a lot of organisations, usually willingly but frequently unknowingly. Quite often we don’t know what happens to this information, how it is used and how decisions about us are made. The General Data Protection Regulation 2018  (GDPR)  makes organisations more accountable in the way that they collect, use, store and dispose of personal information and gives individuals more control over information about them that they pass onto others.

Most of what you do stays the same, but some aspects need you to do more - for example: 

  • Audit your data to identify what you hold and why

  • Nominate or appoint a data protection officer if you're an NHS provider

  • Provide privacy notices to comply with the new law.

Our advice explains how you can comply - and the Expert templates help you to implement the changes. Don't be frightened into paying for expensive services you might not need.


Data Security and Protection Toolkit (DSPT) - Guide to completing 

GDPR explained

Protecting personal information

Expert templates

(Available to Expert members -Please log in or contact us on 020 7563 4550 to discuss your upgrade options or to join)

Access to information held by the practice

Audit - GDPR information
Audit - GDPR access to information 

Confidentiality policy
Data security policy - practice
Data protection processor agreement
Data protection processor agreement - associates
Data protection processor agreement - notes for use 
Data protection privacy notice - associates
Data protection privacy notice - employees

Data protection privacy notice - patients
Information asset register

New patient - welcome letter
Records management policy

Advice video

An overview of GDPR for dentists


CPD module - 3 hours verifiable

To help you understand GDPR and apply the new regulations in practice.

  • State what GDPR is

  • Know how data handling rules will apply to your practice

  • Know what responsibilities organisations have under GDPR

  • State what a data breach is and what action to take if one occurs.


New rules on data protection affecting dentistry


Online course: Become an effective data protection officer

One-to-one advice

Extra and Expert members have access to unlimited one-to-one advice via phone or email from our experienced advisors. Contact our Practice support team on 020 7563 4574 or email:


We may record telephone conversations that are advisory in nature to offer you additional security, resolve complaints and improve our service standards. Conversations may also be monitored for staff training purposes. You will be alerted to this when you call.