Is your dental website data compliant?


GDPR for Dentists – New Data Privacy requirements for your patients' data

As of the 25th May 2018, new General Data Protection Regulations (GDPR) came into force. All UK businesses are affected, including dental practices, and you could be leaving yourself open to substantial fines if your business is found to be non-compliant. The personal nature of the data collected on your dental website via forms, and the ever-present GDC regulations, mean it’s time for all dental practice owners and managers to get their acts together and make sure they’re up to speed with the main requirements of the new legislation.

Contact Deseo Dental Marketing on 020 3004 9494 for more information on how we can help

So what are the main requirements of GDPR for dentists and dental practice managers?

GDPR aims to strengthen individual users' rights to data privacy – specifically the collection, storage and use of personal information and data. The penalty for non-compliance can be up to 4% of annual turnover.

Personal data is anything that can be used to partly identify a living person – items such as name, address, email address, IP data, location data, NI number etc., and many other pieces of data routinely collected through your website.

There is also an additional class of information called Sensitive Personal Data – this is a deeper layer of personal information and data, such as dental records or health records.

As of the 25th May 2018, your patients have the right to request from you a list of all personal information you hold about them and also information on how you store and use that data. You must allow the patient to access this information on request and they have the right to request that you delete their data.

Personal Data Storage in Dental Practices – What Management Needs to Do

  1. Perform an audit of all patient records held both online and offline. Confirm what you hold and make sure you understand why the data is held – old data held on clients who have left your practice or died should be deleted.
  2. Build a set of practice procedures and policies for holding personal data on patients: you need to plan for how you will respond to data access requests, how you will manage any data confidentiality breaches and who you will inform in such an event, and also data security – what are your procedures for keeping current patient data securely stored?
  3. Make an updated privacy statement and publish it on your website to inform visitors and clients.
  4. Select a trusted member of staff to be Data Protection Officer
  5. Consider consulting a lawyer to make sure you are compliant with the new legislation.


Making Your Dental Website Data Compliant

Deseo Dental Marketing can help you to navigate your way through the multiple changes you may need to make to your website in order to comply with the new GDPR legislation – for a relatively small fee we can help with the following requirements:

  • Data breaches – we can install software which will alert you to any data breach should your website become compromised or hacked. It is now a GDPR requirement that you inform clients of any breach of their data so you must have a methodology in place to make sure you know if a data breach occurs on your site.

Data Collection, Storage and Processing

  • You now have a requirement to publish a detailed privacy policy explaining what data you collect, how you use the data and how you store personal information.
  • There must be an obvious, easy way for people to get in touch with you to request the data you hold about them.
  • Your cookie policy must be published, although this is not covered by GDPR.

Website Security

  • You should make sure your site is set up with a security certificate (SSL) – you can quickly check this by looking in the address bar of your website – if your address starts “https” you hold a security certificate; if it’s just “http” then you need to install an SSL certificate.
  • Google is now starting to warn visitors to sites which don’t hold SSL certificates, so you’re almost certainly losing visitors if you don’t have an SSL certificate yet.
  • You should upgrade any forms on your website to “secure forms” – these store information collected on a secure server rather than transmitting data via email over non-secure email accounts.


Please feel free to get in touch. Contact Deseo on 020 3004 9494 for more information on how we can help