- Published: Thursday, 10 May 2018 17:16
- Written by News Editor
- Hits: 2305
The BDA has expressed its disappointment that Ministers have refused to countenance any exemptions for primary care providers from the requirement to have a Data Protection Officer (DPO) in the Data Protection Bill.
The Government rejected BDA’s suggested amendments when the Bill was debated in Parliament on 9 May. The BDA is continuing to lobby for this change to be made through regulations in due course.
The EU General Data Protection Regulation (GDPR) did not require dental practices to have a DPO, but the UK Government put this duty on NHS primary care providers by including them in its definition of “public authorities”. The BDA and partners in optics and pharmacy had built cross-party support for amendments to the Data Protection Bill which would have exempted dentists from this unnecessary new requirement.
A group of four cross-party MPs – Christine Jardine, Shadow Health Minister Julie Cooper, former Health Minister Norman Lamb and Alex Cunningham – co-sponsored amendments which would have prevented this huge and needless burdens being placed on high-street providers. Most dentists are not processing healthcare data "on a large scale" which means that under the GDPR they would not need a DPO, but they government has refused to exempt them from the definition of 'public authorities' in the Bill. The only exemptions was granted to parish councils as they were considered to process minimal amounts of sensitive data.
The BDA has again encouraged its members not to be lured by marketeers into entering prohibitively expensive contracts to outsource DPO duties and responsibilities. Members have reported that some practices are being quoted sums up to £15,000.
A DPO should be in place by 24 May 2018. The BDA does not believe that practices that do not have a DPO in place on 25 May 2018 are likely to face penalties if they are taking steps to get a DPO in place as soon as possible.
This not only has consequences for small dental practices but also opticians and pharmacists who have only recently been forced to accept the loss of the NHS subsidy to provide pharmacy services . I have been quoted £5000 to provide an external DPO service by a competent firm of dental solicitors , where exactly am I expected to find this additional funding when my NHS pay rises are below inflation year on year yet the patient charges seem to rise exponentially . Suggestions that I make my dental nurse or even cleaner the person responsible for data protection is ludicrous .Strangely a private practice does not need to have a DPO , its only the insistence that anyone with an NHS contract is a Health Body that has caused the problem
GDPR sensible update......Having spoken in detail with the ICO later today, here is my brief summary:
1. Yes any dental practice treating nhs patients will be regarded as a public body for GDPR purposes and have to appoint a DPO by 25th May.
2. However the ICO expect the majority of dental DPOs to be INTERNAL to the Practice appointments of an employee, not external unless very large practices, multiple sites etc.
3.The appointed Employee must not have conflicts such as being the Owner or being head of HR (often the PM) but can be anyone else.
4. Whilst 'appointment' of a DPO must happen by 25th May, their further training & development can continue afterwards and the ICO aren't prescriptive about the timescale, but such actions should be demonstrable if asked.
5. Private Practices don't need a DPO appointed (unless defined as large data user).
6. The BDA will have some more useful and pragmatic solutions/suggestions at the British Dental Conference and Dentistry Show at the NEC next week!
Yours helpfully :)
You need to be logged in to leave comments.