How does GDPR affect dentists?
Many high-street dentists and dental practices are actually in a good position to deal with the requirements of the GDPR, as dentistry has been a heavily regulated profession and many practice owners already follow stringent data protection procedures and have robust policies in place. This is why we're saying "don't panic!"
However, there are some strengthened and new layers of compliance that will be required and you need to ensure that you have all the right structures and systems in place before the 25 May 2018, to ensure your dental practice will be complying when the new regulation takes effect.
GDPR will affect dentists working in all four of the UK countries – if you are not complying you could be liable for a hefty fine.
What do you need to do?
We know there are significant steps high street dentists (both practice owners and associates) will need to take to ensure compliance with GDPR and our advice for members outlines the key areas:
BDA Extra and Expert members can contract to our team of business and legal advisers for help and support on compliance with the GDPR in dentistry, email firstname.lastname@example.org.
If you're not a member then join to comply with confidence.
Expensive external providers
We're hearing reports that some practices are being quoted £15000 to outsource the Data Protection Officer duties and responsibilities. We urge members to not be scared into signing these expensive contracts.
Appointing a DPO is a requirement for NHS practices. A DPO should be in place by 24 May 2018.
We do not believe that practices that do not have a DPO in place on 25 May 2018 are likely to face penalties if they are taking steps to get a DPO in place as soon as possible.
First, the Data Protection Bill and the requirement for DPOs is a relatively recent burden. Second the Government Department responsible for the Data Protection Bill has said to us “the department is confident that the Information Commissioner will be pragmatic, fair and proportionate in considering how primary healthcare providers implement the DPO role.”
However, we know that members are professionals who take regulatory requirements seriously and for those who are keen to begin the process we have some training available in June:
How to be an effective Data Protection Officer 12 June | 26 June
It's worth stating for clarity that the DPO requirement does not extend to solely private practices.
What has the BDA doing on behalf of members?
We campaigned for amendments to the Data Protection Bill,
which would have exempted dentists from the needless and burdensome new requirement to appoint a DPO. We lobbied the Government and MPs from across all parties on this issue and were pleased that a group of four cross-party MPs – Christine Jardine, Shadow Health Minister Julie Cooper, former Health Minister Norman Lamb and Alex Cunningham – co-sponsored an amendment which would have prevented this huge and needless burdens being placed on high-street providers.
Unfortunately, the Government rejected the amendment when the Bill was debated in Parliament on 9 May. However we will continue to lobby for this change to be made through regulations in due course.
Working for you
We will continue to campaign for better regulation. If you'd like to be kept up to date with our progress:
- Please ensure you membership details are up to date via MyBDA
- Ensure you tick the box in MyBDA to subscribe to our regular e-newsletters.
- Follow our Twitter feed @theBDA
Through our policy and campaigning work, we ensure that the concerns of all sections of the profession are raised and that dentists' voices are heard at a national level: join us.