General Data Protection Regulation (GDPR)
Data Protection Policy & Procedures for
Bridge Street Dental Centre

Bridge Street Dental Centre aims to comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This policy and the related procedures lay out how Bridge Street Dental Centre complies with the Data Protection Act 2018 and the GDPR. All team members must ensure they read, understand and comply with our policy and procedures in relation to the Data Protection Act 2018 and the GDPR.

It is imperative that individuals’ personal information is processed in line with the requirements of the GDPR and that individuals’ privacy is respected. All team members must give this a very high priority.

To comply with the Data Protection Act 2018, our practice has notified the Information Commissioner that personal information relating to patients and team members is processed and stored within our practice.

Please note: the UK Data Protection Act 2018 enshrines the requirements of the GDPR in British law. To avoid repetition, this policy refers to the requirements of the GDPR rather than repeatedly quoting both pieces of legislation.

Data Protection Definitions
GDPR defines a number of roles and responsibilities and introduces some new roles and terminology. Team members must ensure they are familiar with these.

The following are relevant and are explained below:

Data Processing
Includes collecting the information about an individual, using it, storing it, securing it, disclosing it and destroying it etc. GDPR applies to all businesses and organisations and to all personal data held about individuals. In a dental practice this means patients, employed and self-employed team members, referrers and anyone else that the practice processes data for.

Data Controller
A data controller determines the purposes and means of processing personal data. This is Bridge Street Dental Centre.

Data Processor
A data processor is responsible for processing personal data on behalf of a controller. Data processors are required to maintain records of personal data and processing activities and they have legal liability if they are responsible for a breach.

All practice team members are data processors. The employer is responsible for making all team members aware of their responsibilities in relation to data protection. The need to comply with GDPR and other data protection laws is included in all employment contracts and associate agreements.

Data processors are also the practice management software companies, IT support companies, payment plan providers and all other organisations that handle personal data on behalf of the controller.

Data Subject
An individual for whom we process personal information.

Personal Data
Name, address, date of birth, doctor’s name and address etc. The personal and the sensitive (including special category) data we process for our patients and team members is listed in our data inventories, GDPR Inventory Patients and GDPR Inventory Staff, which are located on the practice computer system and within paper files.

Special Category Data
Includes sensitive information such as medical history, medical and dental records, ethnic origin, race, political opinions, religion, trade union membership, genetics, biometrics, health, sex and sexual orientation. It also includes DBS checks and Hepatitis B status.

Unauthorised Access
If someone who is not entitled to see details of another individual’s personal data can obtain access without permission, this is unauthorised access and a breach of GDPR.

Personal Privacy Rights
Under GDPR, all individuals who have personal data held about them have the following personal privacy rights:

• Right to subject access.
• Right to have inaccuracies deleted.
• Right to have information erased.
• Right to object to direct marketing.
• Right to restrict the processing of their information, including automated decision-making.
• Right to data portability.

Automated Decision Making
This includes all decisions made without human intervention, i.e. all decisions that are taken automatically, e.g. email reminders to book an appointment, text or email reminders of appointments, and direct marketing.

Data Portability
The ability to take personal data elsewhere e.g. to another dental practice or employer.