A Data protection impact assessment (DPIA) is a mandatory requirement for situations where data processing is likely to result in high risk to individuals, for example deploying new technology. This is unlikely to be required in dentistry unless you plan to introduce a new software package or install CCTV in the practice.
Further DPIA advice provided by the Information Commissioner’s Office
If a DPIA is required, you should:
Describe the data processing activities you undertake.
Identify and assess the risks to the individuals whose data you process.
Identify the ways in which you intend to mitigate the risks to individuals.
Record the outcomes of the DPIA.