The Government rejected the BDA’s suggested amendments when the Bill was debated in Parliament on May 9. The BDA is continuing to lobby for this change to be made through regulations in due course.
The EU General Data Protection Regulation (GDPR) did not require dental practices to have a DPO, but the UK Government put this duty on NHS primary care providers by including them in its definition of “public authorities”. The BDA and partners in optics and pharmacy had built cross-party support for amendments to the Data Protection Bill which would have exempted dentists from this unnecessary new requirement.
A group of four cross-party MPs – Christine Jardine, shadow health minister Julie Cooper, former health minister, Norman Lamb and Alex Cunningham – co-sponsored amendments which would have prevented this huge and needless burden being placed on high-street providers. Most dentists are not processing healthcare data "on a large scale" which means that under the GDPR they would not need a DPO, but they government has refused to exempt them from the definition of 'public authorities' in the Bill. The only exemption was granted to parish councils as they were considered to process minimal amounts of sensitive data.
The BDA has again encouraged its members not to be lured by marketeers into entering prohibitively expensive contracts to outsource DPO duties and responsibilities. Members have reported that some practices are being quoted sums up to £15k.
A DPO should be in place by May 24, 2018. The BDA does not believe that practices that do not have a DPO in place on May 25 are likely to face penalties if they are taking steps to get a DPO in place as soon as possible.