Types of information held within a dental practice include patient details, employee details and associate details. A practice may hold personal identifiable information for several data processing purposes.
Document what personal data you hold, where it came from and who you share it with (see GDPR Information Audit template).
- Consider undertaking an information audit which details:
- What personal information you hold
- The reasons you are holding the information
- The way that the information was gathered
- The reason the information was originally gathered
- The lawful basis for holding the information for each data processing purpose (see Lawful Basis)
- How long you will retain the information
- How and when the information will be destroyed
- How the information is kept secure (in terms of encryption and accessibility)
- Who can access the information
- The basis for sharing the information with third parties
If you discover that you have shared incorrect information with another organisation, inform them that the information was incorrect and the action required to rectify this.
Put in place a procedure to periodically check that the information you hold is correct and up to date.
- For patients this may already be undertaken when checking contact details and medical histories at each appointment, but consider an annual check of employee and associate information.