Data Protection

Data protection ensures that information about individuals is used in a fair and proper way. Organisations that collect information about individuals need to comply with the UK data protection regime, which is set out in the Data Protection Act 2018 [1]. The law applies to any ‘processing of personal data’, including personal information which is publicly available. 

All dentists process personal information about patients and therefore must comply with this data protection legislation.

There isn’t really much of a difference. The General Data Protection Regulation (GDPR) [3] is EU legislation that became part of UK law when it came into effect in May 2018. However, GDPR allows for adaptations to reflect national requirements in each of the EU Member States. The Data Protection Act 2018 [1] adapts GDPR for use in the UK and also includes some additional provisions for areas of data processing not covered by GDPR in areas such as law enforcement and national security. 

The GDPR is an EU regulation, and it no longer applies within the UK. However, the EU GDPR has been retained in UK law as the UK GDPR. The DPA 2018 complements the UK GDPR.

Businesses operating within the UK must comply with the Data Protection Act (2018) [1] and the UK GDPR [4].

The General Data Protection Regulations (GDPR) strengthened the  privacy legislation and place new obligations on organisations in the way they collect, process and store personal identifiable information.
GDPR is reflected in the Data Protection Act 2018 (DPA 2018) [1] and many of the requirements of the updated legislation are similar to those required to satisfy the previous 1998 Data Protection Act. However, there are some additional obligations that require those processing personal information to be able to show how they comply with the data protection principles.