Skip to main content

GDPR & Your Practice

GDPR protects personal data; dental practices control data use and consent, with DenGro helping manage compliance and patient rights.

Louise Buscombe avatar
Written by Louise Buscombe
Updated over 3 weeks ago

GDPR exists to protect everyone’s personal data. The UK has adopted its own version called UK GDPR, which mirrors all the same principles.

📋 What is Personal Data?

Personal data means any information collected about a person. For example:

  • Filling out a web form

  • Requesting a callback

  • Signing up for a mailing list

As a dental practice, UK GDPR applies to how you manage personal data such as:

  • Email addresses

  • Phone numbers

  • Dates of birth

  • Treatment notes

  • Photographs

👥 Roles: You and DenGro

Role

Description

You (Dental Practice)

Data Controller — you own, store, and are responsible for the data.

DenGro

Data Processor — processes data on your behalf under your instructions.

⚠️ Note: As the Data Controller, you decide how patient information is used and stored.

⚖️ Your Practice Responsibilities

As a Data Controller, you are responsible for decisions about:

  • How patient and lead data is used

  • Ensuring compliance with data laws

✔️ Lawful Basis for Holding Data

You must have a lawful basis for processing personal data, as defined by the ICO (Information Commissioner’s Office).

⚖️ Legal Advice Recommended: The appropriate lawful basis may vary across practices.
For example, leads captured for new vs. existing patients may differ.

🔍 Understanding Consent & Legitimate Interests

  • Enquiries about treatment are usually processed under legitimate interests (not consent).

  • Consent is relevant for marketing communications sent after the enquiry.

  • Service messages (appointment reminders, confirmations) do not require consent.

📢 Consent Best Practices

  • Use clear opt-in fields to capture consent when collecting data.

  • Consent language should be simple and transparent — no jargon.

  • Log consent clearly in your system.

  • Capture consent regardless of communication channel (phone, web, in-person).

  • Consider updating telephone scripts to include consent requests for new leads.

🤝 How DenGro Helps with Consent

DenGro aims to make GDPR compliance easier:

  • Pre-written consent wording available — customizable for your practice.

  • Record consent details when manually entering new leads.

  • Consent is linked to the team member who logged it, creating an audit trail.

  • View consent status clearly on each lead’s profile.

⚠️ Reminder: The responsibility for obtaining consent lies with you as the Data Controller.

🔄 Individuals’ Rights Over Their Data

Individuals can request to:

  • View the data you hold on them

  • Amend inaccuracies

  • Delete their personal data

📝 How to Manage Data Requests with DenGro

Action

How to Complete in DenGro

View

Export lead data as a .CSV file from the Lead Detail page.

Amend

Edit lead information directly in DenGro; export if needed.

Delete

Delete the lead’s data fully in DenGro if requested. Requests to remove consent appear on your dashboard for easy action.

⚠️ Important: You may need to delete data from other storage locations too.

📜 Update Your Privacy Policy

Your privacy policy should be updated to reflect individuals’ rights and your data handling processes under GDPR.

Related Articles
GDPR Consent Status
How to export contacts out of DenGro to Mailchimp
PMS integration: Dentally
PMS Integration: SOE - EXACT
NEW: Dentally Integration Updates for 2025
Did this answer your question?