Home > Topics > Ethical Practice > Data Protection Act 1998 > Data Protection Registration

Data Protection Registration

EthicalAll dentists hold personal information about patients and their staff (as either paper or computerised records), including patient databases, billing and recall systems, staff absence and sickness records and training plans, and are therefore ‘data controllers’. Under the Data Protection Act 1998 (DPA) [1], the (UK) Information Commissioner’s Office [2] is required to maintain a register of certain data controllers (i.e. firms and others who are responsible for processing information) and the purposes for which they use personal information.

To comply with legislation, register with the (UK) Information Commissioner’s Office [3] if you hold personal information about:

  • staff in the form of computerised records (e.g. absence and sickness records, training plans);
  • patients in the form of computerised records and you are the ‘owner’ of your own patient list (this is likely to apply to most dentists; for details and exceptions see ‘Registration requirements’ below).

NB: Notification is not currently required for data controllers who hold only personal paper records.

Inform the (UK) Information Commissioner’s Office [3] of any change to your registration (e.g. change of address, contact details, type of processing you are carrying out, the security statement, statement of exempt processing, trading names). If a registered data controller moves practice, provided there is no change to the legal status, the notification can be amended to reflect the address change. If the data controller changes their legal status (e.g. sole trader to partnership), then a new notification is required.

Some unscrupulous organisations operate in this field. Deal only with the (UK) Information Commissioner’s Office [2,3].

For details of whether or not you are required to notify under the DPA see ‘Registration requirements’ below and Information Governance in Dental Practices (PDF) [4]. For further information and advice call the Data Protection Notification Helpline [2] or visit the (UK) Information Commissioner’s Office website [3].

Registration requirements

  • Vocational dental practitioners (VDPs), Dental Foundation Year 2 trainees (formerly named general professional trainees) and assistants who are employed by the practice will be covered by the practice owner’s registration.
  • Hygienists who are self-employed might be required to register. It is advised that hygienists contact the Data Protection Notification Helpline for assistance [2,3].
  • Only one registration is required for an individual who works at more than one site.
  • It is likely that dental practices registered as limited companies can notify in the practice name, rather than in individual practitioners’ names; however, it is advisable that practices contact the Data Protection Notification Helpline for assistance [2,3].
  • Notifying the (UK) Information Commissioner’s Office  [3] of changes to the registration entry is a legal requirement.
  • A dentist who does not register or fails to renew their registration each year may be liable to prosecution, a fine and a complaint to the General Dental Council[5].
  • Registration costs £35 per year (changes to the notification fee structure came into effect on 1 October 2009; however, it is likely that the fee for most, if not all, practices will remain £35 [3]).
  • Because of the variety of working relationships that exist in dental practice, it is recommended that specific guidance is sought from the Data Protection Notification Helpline [2,3] to ensure compliance with statutory obligations.
  • See also Information Governance in Dental Practices (PDF) [4] published by the (UK) Information Commissioner’s Office [3].

Sources of Information

  1. Data Protection Act 1998 (1998) www.legislation.gov.uk/ukpga/1998/29/contents
  2. (UK) Information Commissioner’s Office
  3. Notification Under the Data Protection Act 1998.  Information Commissioner’s Office www.ico.gov.uk/what_we_cover/data_protection
  4. Information Governance in Dental Practices: Summary of findings from ICO reviews.  Information Commissioner’s Office (2015) https://ico.org.uk/media/action-weve-taken/audits-and-advisory-visits/1432834/information-governance-in-dental-practices (PDF)
  5. General Dental Council