Data protection policy


Simpson and Nisbet Dental Centre complies with the 1998 Data Protection Act and this Policy describes our procedures for ensuring that personal information about patients is processed fairly and lawfully. We are fully computerised and are registered as a Data Controller with the Information Commissioner for this purpose. This policy works in conjunction without General Data Protection Regulations Policy which came into effect in May 2018.

In order to provide you with a high standard of dental care and attention, we need to hold personal information about you. This personal data comprises:

  • Personal details such as your name, age, address, telephone numbers, email address and your general medical practitioner;
  • Your past and current medical dental condition;
  • Radiographs, clinical photographs and study models;
  • Information about the treatment we have provided or propose to provide (and its cost);
  • Notes of conversations or incidents that might occur for which a record needs to be kept;
  • Records of consent to treatment
  • Any correspondence (relating to you) with other healthcare professionals: such as referrals to specialists, for example.

We need to keep comprehensive records about the patients at our practice. The information we hold must be accurate, adequate and not excessive in order to provide them with safe and appropriate dental care.

When we process personal data held about a patient we must do so under a lawful basis. We will process personal data that we hold about you in the following way:

We will retain your dental records while you are a practice patient. If you cease to be a patient, we will continue to hold them for at least another 11 years, or in the case of children until they reach the age of 25, whichever is longer. After this time the records will be destroyed as we no longer legally need to retain this information.

Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer system has secure audit trails and we back up information on every working day. See also the practice Data Security Policy and General Data Protection Regulations Policy.

In order to provide proper and safe dental care, we may need to disclose personal information about you to:

  1. Your general medical practitioner
  2. The hospital or community dental services
  3. Other health professionals caring for you e.g. specialist laboratories or referral sources
  4. HMRC
  5. Private dental schemes of which you are a member e.g. Denplan, Simply Health, Bupa

Disclosure will take place on a “need to know” basis. Information will only be given to those individuals/organisations who need to have it in order to provide care to you and for the proper administration of Government (whose personnel are also covered by strict confidentiality rules and policies) the recipient will only be given the information that they need to know for these purposes and after we have obtained consent from the patient.

It is very limited circumstances or when required by law or by a court order, personal data may have to be disclosed to a third party not connected with your dental care. In all other situations, disclosure that is not covered by this Policy will occur only when we have your specific consent. Where possible you will be informed of these requests for disclosures.

You have the right to access the data that we hold about you and to receive a copy. Access may be obtained by making a request in writing. Not due to the GDPR we can no longer charge a patient if they wish to obtain their personal data. Our Data Controllers Rebecca Renforth and Natalie Henderson must respond with 1 month to the personal data access request to either deny or provide the patient with the information. The request can be denied if it is found to be excessive. They must also give a suitable valid reason to why they are denying the request. 

The Data Controllers, Rebecca Renforth and Natalie Henderson maintain a summary of all requests for access to records, disclosures, consent to disclosure and reasons for refusing access, and is documented on patient’s notes.

If you do not wish personal data we hold about you to be disclosed or used in the way that is described in this Policy, please discuss the matter with your Dentist/ Practice Manager/Data Controller. You have the right to object to how we process your data, but please remember that this may affect our ability to provide you with the best dental care.

Refer to Confidentiality Policy, Privacy Policy and General Data Protection Regulations Policy.

Last reviewed: May 2018