All dental practices providing NHS treatment are considered as public authorities and are required to be fully GDPR compliant and to appoint an independent Data Protection Officer (DPO).
Over one third of UK dental practices have still NOT appointed an independent Data Protection Officer (DPO) and are NOT GDPR compliant.
You may have registered your dental practice as the Data Controller for your dental practice with the Information Commissioners office (ICO) but you may not have not appointed an Independent Data Protection Officer.
Appointing a DPO is not an honorary title. Many companies think that “sharing” a DPO if enough. IT IS NOT!
They also will constantly train your staff in cyber security and ensure that your firewalls, patches and security measures are up to date and are doing their job in protecting your data from hackers.
They will perform the mandatory yearly data audit that will be required by GDPR regulation. They will also record all security actions so that if you receive an ICO GDPR spot check you will pass it without any fines or sanctions.
This is a major requirement for GDPR compliance because in the case of a data breach only an truly independent DPO will report this to the ICO as required by GDPR law. If you use a DPO that is not truly independent then the ICO will view this as invalid and ICO fines and sanctions will be issued.
A tell tale sign that a dental practice has not appointed an independent DPO for their dental practice/s as required by GDPR law is IF THERE ARE NO CONSENT OR PRIVACY TICK BOXES ON THE CONTACT FORM. (Click Here to see Examples)
This means when someone presses the submit button and a dental practice receives the information the dental practice is now in clear breach of the GDPR requirement and can and will be fined by the ICO and can now be sued by the client!
If you are reading this page then on your dental practice website you do NOT have the consent and privacy caveats on the contact form as required by GDPR law.
Currently you are holding personal data without consent. (data is their name, telephone number and email address. This is deemed personal data by the UK GDPR regulation). Every single person who has ever filled out that contact form and pressed the submit button has officially given you their data but you have been holding and using that without their express permission and consent!
They simply have to have to follow the ICO’s instructions for a Data Subject Access Request (DSAR) https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/
They will also request from you, your Data Protection Impact Assessment document (DPIA) that you MUST ALREADY have by GDPR regulations, filled out, time and date stamped and signed BEFORE their request!
This will form the basis of a legal action (probably using a no win?no fee lawyer) and the investigation by an ICO case officer.
As a dentist practice and a public authority you are required by UK law to hold your patients dental records for ten years. This means that you must be already holding all patient records from 2014 to date.
However since the implementation of the 2018 GDPR law you can only hold any personal medical records with the written consent of the patient themselves.
Without your knowledge you may be holding patient information WITHOUT their written consent. If you are holding personal dental records without the express written permission of that individual this is illegal and is a clear breach of GDPR compliance.
Your pharmacy can now be fined by the ICO for non GDPR compliance and sued by the patient for non GDPR compliance and for holding medical records WITHOUT their written consent. (Click Here for the ICO links to see all of the other additional GDPR requirements for UK dental practices)
Because over one third of UK dentists are NOT GDPR compliant by holding personal data without their consent and/or holding patient dental records without the written consent of the patient, the Information Commissioners Office (ICO) are now pursuing rigorous GDPR spot checks on any dentist who are affiliated with the NHS.
You may receive an ICO GDPR spot check shortly!
Because of the unique needs of UK dental practices when it comes to GDPR compliance we have created a specialized Data Protection Officers program specifically designed to deal with and solve these unique GDPR issues that UK dental practices face.
We have trained and appointed qualified DPOA members that are registered Data Protection Officers with the ICO who specialize in GDPR compliance for dental practices.
They will be your Independent Data Protection Officer as required by the ICO and GDPR regulation.
They will quickly add the correct consent and privacy caveats not only to your website contact page but will thoroughly review all of your website, your advertising and your literature to ensure that they all comply with GDPR requirements.
Your DPOA independent DPO will also review all of your current stored data that has been collected illegally from your website contact form.
They will also review any records that are currently being stored without the written permission of the individual including dental records.
They will advise how to re format the data so that it fully complies with GDPR requirements WITHOUT the need to contact the individual!
They will also perform all of the required tasks that a registered Data Protection Officer is required to perform every week, month and year to ensure that your dental practice is fully GDPR compliant.
Our Comprehensive Dental Practice Data Protection Officer Service Includes:
Keeping your organisation informed and advised about data protection.
Monitoring your organisation’s compliance with the legislation.Making sure personal data protection is tailored to your care home.Co-operating with and act as the contact point with the ICO or other supervisory. authorities for your care home.
Inform and advise you concerning all GDPR issues:
Facilitate staff training including board members, managers and data facing staff Share best practice for data protection across the organisation Advise on the impact of other data protection regulations Answer queries on all aspects of personal data protection
Keep policies up to date with data protection requirements:
Privacy and cookie policy Consent forms General data protection policy Retention policy Employee policies etc. Data protection and privacy impact assessments (DPIAs and PIAs)
Ensure all compliance records are maintained including:
Records of Processing Activity (RoPA)Data asset register Breach register risk register log of individuals’ exercised rights supervisory authority contact records Training record
Full GDPR documentation (as required by GDPR regulations) including:
Data Breach Reporting FormData Protection Impact Assessment (DPIA) GDPR General Security DocumentationGDPR Information Security Documentation.
We will also perform these essential tasks:
Regular Cyber security staff training (as required by GDPR regulations)Yearly Data Audit (as required by GDPR regulations)
We will be your independent DPO and ensure GDPR compliance for your dental practice!