What is the GDPR?
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.
On the 25th May 2018 the GDRP legislation will be in force.
What does this mean for laboratories and surgeries?
Laboratories are classified as ‘data processors’ as we will be receiving ‘personal data’ from surgeries regarding dentists and patients. We process this information in order to manufacture the medical appliance that is prescribed. The surgery is classified as a ‘data controller’, which means its the surgery or prescribing dentist that is responsible for informing the patient on how their information will be used and shared. The surgery/prescribing dentist is responsible for agreeing consent as DentureTech Laboratory have no, or limited contact with the patient.
The legislation requires an ‘Information Processing Agreement’ to be in place between the dental surgery/dentist ‘data controller’ and DentureTech Laboratory Limited; the ‘data processor’.
How do DentureTech use and store personal information from surgeries?
DentureTech solely use the personal information that is sent to us to manufacture the medical appliance on the patients prescription and deliver this safely back to the surgery. We may share this information with a sub-contractor, however they are only privy to the job number and prescription.
On occasion, if we have been contacted by email from a surgery, dentist or patient we will use this information to contact the appropriate person regarding work we are carrying out or to invoice for the work we have completed.
A detailed list of the information we collect, store and use is available from our ‘Information Processing Agreement’ which all surgeries will receive prior to work starting. If you do not have a copy or would like further information, please contact Caroline Griffin.