The Crucial Role of a Data Protection Officer in Dentistry
Dr Prabjhot Haire is owner and head cosmetic dentist at one of Greater Manchester’s leading cosmetic and dental care providers. They have a mixed client base consisting of both private and NHS patients. I had the pleasure of meeting her last week to discuss how GDPR and DPA 18 had affected the sector.
Firstly, it’s worth mentioning here that the BDA (British Dental Association) has created some online toolkits. These include guidance and documentation for GDPR in dentistry, which has allowed the smaller GDPR compliance tasks to be implemented in-house. Having said that, the resources they provide are very much high level and therefore do not address the ongoing compliance efforts surgeries must consider.
Firswood Dental Practice: https://firswood-dental.com/
Mandatory Appointment Of A Data Protection Officer:
A DPO ensures the organisation handles the personal data of staff, customers, and providers according to data protection laws. All organisations deemed to be a public authority are in scope. The guidance given by the ICO clearly stated that all organisations should appoint a DPO or make adequate arrangements to fulfil the requirements of the GDPR. This is because, as we move into a more data-centric era, responsibilities to comply with information security and the impacts of GDPR and DPA 18 will increase.
Are dental practices required to appoint a Data Protection Officer? And what options do you have when looking at appointing a DPO?
Yes, that’s right: all practices that provide care for NHS patients are considered public authorities and are therefore required by law to appoint a Data Protection Officer.
Option 1 – Employ a new full-time Data Protection Officer, with relevant qualifications and experience of data protection. This will allow you to have a dedicated full-time member of staff who is the primary resource for GDPR compliance at the surgery. Consider the implications of recruiting and the cost associated with embedding a new full-time member of staff into the business when looking at this option.
Option 2 – Appoint an internal member of staff who has the relevant experience and qualifications to fulfil the role of Data Protection Officer. This option will allow you to use the incumbent resource that you have in the team. It will be less disruptive and more cost-effective in comparison with recruitment. However, consider the impact on business as usual (BAU): you will need to look into the appointment beforehand and consider any conflict of interest. For example, the DPO and data controller cannot be the same person.
Option 3 – Outsourced Data Protection Officer. Share your DPO with other local surgeries. This option will be significantly less disruptive and more cost-effective than recruitment. With minimal effect on BAU, it may be worth reaching out via your dental networks to see what other local dental practices are doing. If you consider outsourcing, make sure to look at the following before making a decision, and be sure to document your justifications:
- The size of your surgery (number of staff, suppliers and partners).
- Private or NHS clinic.
- Number of NHS patients.
- Number of private patients.
- Geographical locations of the surgeries in relation to you and the DPO.
- Whether the DPO is qualified to understand, implement and monitor compliance.
As business owners, you must take action and address your requirements to comply with the GDPR. In many cases, it has become difficult to find the right candidate for the role, as demand outweighs the availability of people with the required skills. Many of those who have considered option 2 have also encountered difficulties, as even incumbent staff in many cases lack the expertise and may also have a direct conflict of interest with their existing role.
For many, this has not been at the top of the to-do list, with the ongoing priority for most surgeries being delivering exceptional care for patients. GDPR and DPOs have been overlooked and ignored. The question to ask yourself is: if you have a data breach, what repercussions will this have, and how will it affect your business? There are many businesses that offer the outsourced DPO role as their main function, so look at the marketplace before making a decision about what is best for you.
For more information on how CDS can help, contact our team of DPOs today: https://compliancedirectsolutions.com/data-protection/outsourced-data-protection-officer/