GDPR exists to protect everyone’s personal data. The UK has adopted its own version called UK GDPR, which mirrors all the same principles.
📋 What is Personal Data?
Personal data means any information collected about a person. For example:
Filling out a web form
Requesting a callback
Signing up for a mailing list
As a dental practice, UK GDPR applies to how you manage personal data such as:
Email addresses
Phone numbers
Dates of birth
Treatment notes
Photographs
👥 Roles: You and DenGro
Role | Description |
You (Dental Practice) | Data Controller — you own, store, and are responsible for the data. |
DenGro | Data Processor — processes data on your behalf under your instructions. |
⚠️ Note: As the Data Controller, you decide how patient information is used and stored.
⚖️ Your Practice Responsibilities
As a Data Controller, you are responsible for decisions about:
How patient and lead data is used
Ensuring compliance with data laws
✔️ Lawful Basis for Holding Data
You must have a lawful basis for processing personal data, as defined by the ICO (Information Commissioner’s Office).
⚖️ Legal Advice Recommended: The appropriate lawful basis may vary across practices.
For example, leads captured for new vs. existing patients may differ.
🔍 Understanding Consent & Legitimate Interests
Enquiries about treatment are usually processed under legitimate interests (not consent).
Consent is relevant for marketing communications sent after the enquiry.
Service messages (appointment reminders, confirmations) do not require consent.
📢 Consent Best Practices
Use clear opt-in fields to capture consent when collecting data.
Consent language should be simple and transparent — no jargon.
Log consent clearly in your system.
Capture consent regardless of communication channel (phone, web, in-person).
Consider updating telephone scripts to include consent requests for new leads.
🤝 How DenGro Helps with Consent
DenGro aims to make GDPR compliance easier:
Pre-written consent wording available — customizable for your practice.
Record consent details when manually entering new leads.
Consent is linked to the team member who logged it, creating an audit trail.
View consent status clearly on each lead’s profile.
⚠️ Reminder: The responsibility for obtaining consent lies with you as the Data Controller.
🔄 Individuals’ Rights Over Their Data
Individuals can request to:
View the data you hold on them
Amend inaccuracies
Delete their personal data
📝 How to Manage Data Requests with DenGro
Action | How to Complete in DenGro |
View | Export lead data as a .CSV file from the Lead Detail page. |
Amend | Edit lead information directly in DenGro; export if needed. |
Delete | Delete the lead’s data fully in DenGro if requested. Requests to remove consent appear on your dashboard for easy action. |
⚠️ Important: You may need to delete data from other storage locations too.
📜 Update Your Privacy Policy
Your privacy policy should be updated to reflect individuals’ rights and your data handling processes under GDPR.