Skip to main content

GDPR & Your Practice

GDPR protects personal data; dental practices control data use and consent, with DenGro helping manage compliance and patient rights.

Louise Buscombe avatar
Written by Louise Buscombe
Updated over 3 weeks ago

GDPR exists to protect everyone’s personal data. The UK has adopted its own version called UK GDPR, which mirrors all the same principles.


📋 What is Personal Data?

Personal data means any information collected about a person. For example:

  • Filling out a web form

  • Requesting a callback

  • Signing up for a mailing list

As a dental practice, UK GDPR applies to how you manage personal data such as:

  • Email addresses

  • Phone numbers

  • Dates of birth

  • Treatment notes

  • Photographs


👥 Roles: You and DenGro

Role

Description

You (Dental Practice)

Data Controller — you own, store, and are responsible for the data.

DenGro

Data Processor — processes data on your behalf under your instructions.

⚠️ Note: As the Data Controller, you decide how patient information is used and stored.


⚖️ Your Practice Responsibilities

As a Data Controller, you are responsible for decisions about:

  • How patient and lead data is used

  • Ensuring compliance with data laws


✔️ Lawful Basis for Holding Data

You must have a lawful basis for processing personal data, as defined by the ICO (Information Commissioner’s Office).

⚖️ Legal Advice Recommended: The appropriate lawful basis may vary across practices.
For example, leads captured for new vs. existing patients may differ.


🔍 Understanding Consent & Legitimate Interests

  • Enquiries about treatment are usually processed under legitimate interests (not consent).

  • Consent is relevant for marketing communications sent after the enquiry.

  • Service messages (appointment reminders, confirmations) do not require consent.


📢 Consent Best Practices

  • Use clear opt-in fields to capture consent when collecting data.

  • Consent language should be simple and transparent — no jargon.

  • Log consent clearly in your system.

  • Capture consent regardless of communication channel (phone, web, in-person).

  • Consider updating telephone scripts to include consent requests for new leads.


🤝 How DenGro Helps with Consent

DenGro aims to make GDPR compliance easier:

  • Pre-written consent wording available — customizable for your practice.

  • Record consent details when manually entering new leads.

  • Consent is linked to the team member who logged it, creating an audit trail.

  • View consent status clearly on each lead’s profile.

⚠️ Reminder: The responsibility for obtaining consent lies with you as the Data Controller.


🔄 Individuals’ Rights Over Their Data

Individuals can request to:

  • View the data you hold on them

  • Amend inaccuracies

  • Delete their personal data


📝 How to Manage Data Requests with DenGro

Action

How to Complete in DenGro

View

Export lead data as a .CSV file from the Lead Detail page.

Amend

Edit lead information directly in DenGro; export if needed.

Delete

Delete the lead’s data fully in DenGro if requested. Requests to remove consent appear on your dashboard for easy action.

⚠️ Important: You may need to delete data from other storage locations too.


📜 Update Your Privacy Policy

Your privacy policy should be updated to reflect individuals’ rights and your data handling processes under GDPR.

Did this answer your question?