GDPR is simply consumer data protection. It’s not new; in fact legislation around the use of our data has been around for a while, but this change is a big one with potentially hefty fines for breaching compliance. The updates are being made in response to our ever-increasing digital world, creating more robust regulations, so it’s important to have the lowdown.
GDPR exists to protect everyone’s personal data, and updates to this legislation affect all businesses that handle data for EU citizens. ‘Data’ refers to any information collected about a person. For example, any instance in which a person fills out a web form, requests a call back or signs up to a mailing list, they pass on their personal information to that business. So, as a dental practice with a database of patients and potential patients, GDPR directly applies to how you manage this kind of personal data (such as email addresses, telephone numbers, dates of birth, treatment notes, photographs, etc.).
You. As a dental practice you are a Data Controller. You own, store and are responsible for data about your patients, and those who may be interested in treatment (your leads).
DenGro. As a tool that helps you manage and process data about your leads, DenGro is a Data Processor. DenGro does not own the data.
As a dental practice, you are a Data Controller (in GDPR lingo), which means that you own and control information about your patients, as well as data for those who may be interested in treatment. In terms of the updated legislation, this means that there are three main areas that need your attention:
You can process data provided you have a lawful basis for doing so, as defined by the ICO.
We recommend you seek professional legal advice, as the relevant legal basis will vary across different practices, and could vary, for example, if you are capturing leads for new or existing patients.
You may want to rely on gaining consent at the point you capture data using opt in fields. Opting in should be clear and transparent, with no long words or jargon, and it must be clearly logged.
If you take this approach, it is important that consent is captured irrespective of the channel of communication through which a lead reaches you. So, you may wish to review your telephone scripts to include a request for consent in preparation for when a new lead calls the practice directly.
How DenGro is helping you with consent
Our aim with DenGro has always been to make your practice life simpler, so we’ve made a few changes to help you stay on the right side of GDPR* with minimum hassle.
So, what about all your existing leads? If you're relying on consent as your legal basis, it’s possible that you don’t have consent documented for historical leads, so it’s important that you consider how to take action to ensure data for existing leads is GDPR compliant. We’re not legal specialists, but if you want to get started, two options might be:
If you have an alternative legal basis to keep data, you can obviously rely on that too.
Individuals have more extensive rights to view the data you store about them, and to require that you amend or completely delete that information at their request.
Your practice may receive requests to view, amend or delete personal data. For new leads, DenGro automations (emails and SMS messages) will have a link where the lead can manage their contact preferences.
You can action data requests using DenGro by completing one of the following actions:
Our DenGro team come up with solutions every day to make your practice life easier. Some of our upcoming developments will not only help you capture lead data, but also manage it more securely.
Build your own data capture forms
Pretty soon, you’ll be able to create a data capture form for your website or landing pages from within DenGro. These forms capture data from someone interested in your practice or a particular treatment. You’ll be able to customise the forms, and add them to your website or landing pages with a single line of HTML.
DenGro will also soon be updated to assist you in capturing general enquiries more securely. This means that when you receive a general enquiry it will be stored in DenGro, where the person’s message and details will be held securely until reviewed. You will be able to choose to treat the enquiry as a lead, or to review it and archive it when it’s been dealt with accordingly, saving you from receiving lead data from unsecured emails.
Capture of patient referrals is also a new feature on the horizon. When a referral heads into DenGro from another practice, you’ll be given the option to accept or reject it. If you click ‘Accept’, you’ll be prompted to add consent. You’ll need to complete this step in order for their details to go into DenGro as a new lead, or to review their details and archive the task when you’ve dealt with it. If you reject a referral, DenGro will automatically remove the data.
DenGro is dedicated to simplifying your practice lead management, which is why we’ve made these changes to assist your practice with GDPR compliance. However, we’re not lawyers, and GDPR applies to the way your practice as a whole manages people’s data. We’ve updated DenGro to continue to make lead management as easy for you as possible, but you’ll need to consider areas not covered by DenGro, and make sure you’re up to date with any developments.
Data awareness. If you receive data without explicit consent, it is your responsibility to make sure you handle this in a lawful manner.
Children under 16. Parental consent is required for any data stored for children under the age of 16. We haven’t designed DenGro to market to the under 16 market, and our terms and conditions reflect this.
Becoming practice compliant with GDPR may also mean getting in contact with other service providers you use, to see how they are responding to legislation changes and how it affects you.
If you want to know more about GDPR and brush up on your data protection knowledge, we’ve listed a few resources here which you might find useful.
The Information Commissioner’s Office has a number of online resources:
IT Governance offers recommended books, training, plans, privacy notes, and procedures. Quick wins to demonstrate GDPR compliance.
*Don’t forget that GDPR applies to the whole of your business. This page offers you information on our DenGro updates, but you will need to consider how the legislation affects your business as a whole. You can do this by consulting with a specialist or using a Data Protection Assessment Toolkit.