BDA on the GDPR and dentistry update: Data Protection Act 2018
The Data Protection Bill received Royal Assent last night and will come into force as the Data Protection Act 2018.
The Act covers the requirements set out in the General Data Protection Regulation (GDPR) and is just in time for tomorrow (25 May) when the GDPR becomes enforceable across the European Union.
BDA campaigned for amendments to the Bill, calling for dentists to be exempted from the need to appoint a Data Protection Officer (DPO), and got cross-party MPs’ support, but the Government rejected this on 9th May. However, the association will continue to lobby for this change to be made through regulations, in due course.
What do dentists need to do?
There are significant steps high street dentists (both practice owners and associates) need to take to ensure compliance with GDPR and BDA’s advice for members outlines the key areas for dentists.
For BDA members, there is a tailored FAQ document for practice owners, helping to explain your responsibilities under this new legislation, and the steps you need to take.
Although the regulations come into force tomorrow (25 May), BDA is advising dentists not to panic. The three things that are most important are:
1. Keeping patient (and staff) information secure. This has not changed. Dental practices are very good at keeping information secure. The GDC requires it.
2. Adhere to the Data Protection Principles. These principles are largely unchanged from the old Data Protection Act. Most practices will already be complying with them.
3. Be transparent about what information you have and what you are doing with it. This is covered in the privacy notices.
The other aspects of GDPR are important. They cannot be ignored. But we have been assured that, as long as you are working towards compliance, you will not be penalised if you have not yet got all your procedures and policies in place. The Information Commissioner’s Office is looking to help people comply rather than punish them.