Latest News


We have updated our policy in line with the new guidance and it will be written in full for anyone to read below. Copies are available at the practice.

Basically – we hold data on our patients in order to offer effective and safe treatments and to enable us to contact patients as necessary.

  • all records are locked away at night
  • we use a privacy screen on the reception computer
  • computers are password protected
  • we will audit our procedures regularly
  • records are destroyed safely after 12 years if the patient is no longer registered


The practice collects, holds, processes and shares personal data in accordance with the provisions of the General Data Protection Regulation and the Data Protection Act 2018.

The policy applies to personal data for patient’s records, employees’ data and contractors’ data.

We will ensure that personal data, including health data, will be;

  • processed lawfully, fairly and in a transparent manner
  • collected for specified, explicit and legitimate purposes only
  • adequate, relevant and necessary for the purpose
  • accurate and updated
  • kept for no longer than is necessary
  • processed in a secure manner and protected against loss, destruction or damage

Lawful Basis – data will be held and processed under the following Lawful Basis:

  • patient data and health records: for the Legitimate Interests of the practice in providing health care and treatment
  • employment records: as a Legal Obligation for the provision of Employment Terms and Conditions and supply of data to HMRC and other statutory functions such as pensions and benefits
  • Contractor data: for the fulfilment of contracts

We will additionally secure the specific consent of patients for the provision of electronic communication under the Privacy and Electronic Communications Regulations 2011.

Data Subjects’ Rights – we will ensure that the rights of Data Subjects are respected and maintained by:

  • the issue and promotion of a privacy notice detailing data processed, its origin and any disclosures, the Lawful Bases for processing and the rights of Data Subjects
  • The maintenance of a Subject Access process and the appointment of C. Stead as Data protection officer to oversee that process and to advise on compliance
  • a legitimate interest assessment ensuring individuals’ rights are balanced with the legitimate needs of the practice.
  • A data retention schedule
  • An Information Security Policy
  • A Data Breach Policy
  • Contractual assurance of adequate safeguards if data is processed outside the EU

Subject Access Requests – all data subjects may submit a request to be informed of the data we hold about them, its Lawful basis and from whom it is/was obtained and to whom it may be disclosed.  We will provide this information without charge and as soon as is reasonably possible and in any event within one month of a valid request being received.  Access requests should be addressed to C. Stead.

Training and Compliance – We will ensure that all staff are aware of their duty of strict confidentiality regarding personal data, both professional and under the Data Protection Law.  We will provide training and assure compliance and will review and refresh training on a regular basis.

It is a condition of continuing employment that all staff are aware of, sign their acceptance of and comply with their obligations under this policy.  Any queries or concerns must be immediately addressed to C. Stead.  A breach of this policy may amount to misconduct and result in disciplinary action.  Serious or persistent breaches may result in dismissal.

Security Data – The practice will publish and maintain an Information Security policy to assure against loss, damage, unlawful disclosure or non-compliant erasure of data.  All staff will be trained and advised of their obligations under this policy.

Tavistock Drive Dental Care, 0115 9602717. NG3 5DU

Comments are closed. | Ecommerce technology agency