Internet Explorer and Edge browser users:
To download Word, Excel or PowerPoint files please right-click on the file you wish to download, and select 'Save target as...'

GDPR and dentistry - what you need to do

Blog Author Ayesha Khan

Blog Date 24/01/2018

What do dentists need to do?

The GDPR will add some new considerations to protecting dental patients’ and dental employees’ data, and you should start thinking about this now.


Watch our video on GDPR and dentistry:



We’ve produced advice for BDA members, focusing on dentistry and GDPR, and covering what dentists and dental practices need to do to prepare for GDPR.


The need to protect data: a potted history

The digital revolution in the 1970s gave birth to the Information Age in which we all live, work and play. From the early days of this era, there has been international recognition and regulation of the new ways huge amounts of information about individuals can be collected, stored, used and misused. The General Data Protection Regulation – GDPR – is the rule-book for the next generation of data users.
In 1984, the UK got its first Data Protection Act – then a relatively obscure piece of legislation governing automated processing of individuals’ data. It introduced registration requirements for those who used other peoples’ data, the right of individuals to access information about themselves, and financial penalties for unauthorised use, destruction and loss of data.  

As our relationship with information evolved so did the laws regulating it. The Data Protection Act 1998 modernised the law and now puts information management at the heart of business’ management structures.  

The 1998 Act, like its predecessor, speaks in terms of principles that data controllers – including the majority of dentists in general dental practice – must comply with. 

The first principle is that personal data must be processed fairly and lawfully. Certain types of data, including information about individuals’ physical or mental health or conditions, are classed as “sensitive”.

The Act states personal data can only be processed if certain limited conditions are met.  

Now, the UK Government is working on a new Data Protection Bill. This will build on the 1998 Act – using the same language of principles to follow and conditions to meet. And although we do not yet know exactly what the Data Protection Act 2018 will look like, we know that it must follow the rules laid down in the GDPR. 
Ayesha Khan
BDA Practice Management Consultant

BDA advisory services

Our advisory services team offers advice to BDA members on a huge range of issues, such as employment law, health and safety, the NHS, business support and regulatory inspections.
We also provide employment representation, an associate contract-checking service, mediation services, tribunal support and consultancy services: join us.