As a service to members of the Association, we have created this Resource Centre to assist you in ensuring your practice is compliant with data protection legislation.
We would remind members that the data protection arrangements of individual members are a matter for those members and we are not in a position to comment on individual cases. We are not specialist advisors. The documentation we provide is for information and does not constitute advice which can be relied upon in the absence of professional advice which reflects the particular circumstances of each dentist and /or their dental practice.
The Irish Dental Association, its servants or agents do not accept any responsibility for any loss or damage occasioned by any person acting or refraining from acting as a result of the material we provide. Professional advice, including as appropriate legal, accountancy, taxation, actuarial and insurance advice should be sought independently.
The Data Protection Acts 1988 and 2003 impart a legal responsibility on dentists and their staff to recognise the type of personal data they may collect, how it may be used and that it should be kept securely. It requires dental healthcare professionals to understand the language of data protection and to assign responsibility within the team in the appropriate manner.
The Quality and Patient Safety Committee has developed a Practice Privacy Statement and a Data Protection Audit which will help you uphold your legal responsibility in relation to the personal data you gather and retain on behalf of your patients and staff. The Audit is designed to allow you audit your data collection, usage and protection in relatively small steps. Each of the main audit questions relates to a principle of data protection and, in turn, each main audit question is developed to allow you complete an audit for that particular principle. The Practice Privacy Statement supports the audit as it acts as a guide to satisfactory completion of the audit. The Practice Privacy Statement is intended to be a tool for guiding you in practice and as well as a statement for your patients’ benefit.
You are also invited to access the Data Protection Commissioner’s website before you start the audit.
The menu options on the left of the screen are particularly useful, especially the ‘For Organisations’ and ‘Guidance’ sections. We would recommend a review of ‘General Issues/Key Definitions’ in the latter section as it will allow you to acquaint yourself with the terminology of data protection.
Please note we have been advised by the Office of the Data Protection Commissioner that “any marketing message, i.e. text or email, must have an opt-out (a way of responding to say they do not want to receive any further marketing messages.). To send an electronic marketing message, the person MUST have given consent to receive”. Ideally, this consent should be in writing. “The most important issue in relation to electronic (Text / Email) marketing is that the patient is given an opportunity to object to such marketing AT THE TIME of collection of their data. If they are not a patient, they must actually give consent”.
If you acquire personal data for use in marketing your practice and the services you provide please refer to the advice of the Data Protection Commissioner:
Data Protection Commissioner (Ireland) guide to Direct Marketing - A General Guide for Data Controllers