The General Data Protection Regulations (GDPR) came into force on 25/05/2018 for England and Wales and this is reinforced by The Data Protection Act 2018, which is intended to regulate the processing of information relating to individuals.We are the Data Controller under the terms of the Data Protection Act 2018 and the requirements of the EU General Data Protection Regulation.
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and the rights and freedoms under the Law. The purpose of processing Personal Data is to obtain, store, update and archive data.
Types of Personal Data:
The practice holds personal data in the following categories:
- Patient clinical and health data and correspondence: Patients’ data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Staff employment data: Staff employment data is held in accordance with Employment, Taxation and Pensions law.
- Contractors’ data: Contractors’ data is held for the purpose of managing their contracts
The Lawful Basis for processing Personal Data:
We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
We hold staff employment data because it is a Legal Obligation for us to do so.
We hold contractors’ data because it is needed to fulfil a Contract with us.
We can only share data if it is done securely and it is necessary to do so. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes with our computer software suppliers who may also store it securely.
Employment data will be shared with government agencies such as HMRC.
Data Protection Principles in Processing Personal Information
- Data should be processed fairly and lawfully. This is about being open and clear about how information is used.
- The purpose for collecting data must be legitimate.
- The correct amount is collected sufficient for the purpose.
- The data must be accurate and up to date. This will involve everyone in the team ensuring that accuracy of the data held has been checked especially when a new course of treatment is started. This includes checks on patient contact details and medical histories.
- Personal data should not be kept longer than is required.
- Subject access requests will manage the right of individuals to access their records.
- All personal data should be held securely.
The safety and security of all our IT systems is maintained.