The BDA has expressed its disappointment that Ministers have refused to countenance any exemptions for primary care providers from the requirement to have a Data Protection Officer (DPO) in the Data Protection Bill.
The Government rejected BDA's suggested amendments when the Bill was debated in Parliament on 9 May. The BDA is continuing to lobby for this change to be made through regulations in due course.
The EU General Data Protection Regulation (GDPR) did not require dental practices to have a DPO, but the UK Government put this duty on NHS primary care providers by including them in its definition of "public authorities". The BDA and partners in optics and pharmacy had built cross-party support for amendments to the Data Protection Bill which would have exempted dentists from this unnecessary new requirement.
A group of four cross-party MPs – Christine Jardine, Shadow Health Minister Julie Cooper, former Health Minister Norman Lamb and Alex Cunningham – co-sponsored amendments which would have prevented this huge and needless burden being placed on high-street providers. Most dentists are not processing healthcare data "on a large scale" which means that under the GDPR they would not need a DPO, but the government has refused to exempt them from the definition of 'public authorities' in the Bill. The only exemptions was granted to parish councils as they were considered to process minimal amounts of sensitive data.
The BDA has again encouraged its members not to be lured by marketeers into entering prohibitively expensive contracts to outsource DPO duties and responsibilities. Members have reported that some practices are being quoted sums up to £15,000.
A DPO should be in place by 24 May 2018. The BDA does not believe that practices that do not have a DPO in place on 25 May 2018 are likely to face penalties if they are taking steps to get a DPO in place as soon as possible.
General Data Protection Regulation (GDPR) and dentistry
The BDA has been developing guidance and support for our members alongside our lobbying efforts in case the Government refused to change course. It has two upcoming courses covering all you need to know to be an effective Data Protection Officer 12 June | 26 June