BERRY LANE DENTAL SURGERY DATA PROTECTION POLICY CONTEXT AND OVERVIEW
Berry Lane Dental Surgery needs to gather and use certain information about individuals.
These can include clients, business contacts, employees and other people with whom Berry Lane Dental Surgery has a relationship and whom it may need to contact.
This Policy describes how this personal data must be collected, handled and stored to meet the Company’s data protection standards – and comply with the law.
Why this policy exists
This Data Protection Policy ensures that Berry Lane Dental Surgery:
Data Protection law
The General Data Protection Regulations (GDPR) 2018 describe how organisations – including Berry Lane Dental Surgery – must collect, handle and store personal information.
These regulations apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully.
The GDPR 2018 is underpinned by six important principles. Personal data must be:
21 May 2018
Processed in an appropriate manner to maintain security
PEOPLE, RISKS AND RESPONSIBILITIES
This policy applies to all Berry Lane Dental Surgery staff
This policy applies to all data that Berry Lane Dental Surgery holds relating to identifiable
individuals. This can include:
Data Protection risks
This policy helps to protect Berry Lane Dental Surgery from data security risks, including:
Breaches of confidentiality – for instance, information being given out inappropriately.
Failing to offer choice – for instance, all individuals should be free to choose how Berry Lane Dental Surgery uses data relating to them.
Reputational damage – for instance, Berry Lane Dental Surgery could suffer if hackers successfully gained access to personal data.
Everyone working for Berry Lane Dental Surgery has some responsibility for ensuring data is collected, stored and handled properly in line with this policy and data protection principles.
The Director is responsible for ensuring that Berry Lane Dental Surgery meets its legal obligations.
Reviewing all data protection procedures and related policies, in line with an agreed schedule
Arranging data protection training and advice
Handling data protection questions from staff and anyone covered by this policy
Dealing with requests from individuals to see the data that Berry Lane Dental Surgery holds about them (Subject Access Requests)
Checking and approving any contracts or agreements with third parties that may handle Berry Lane Dental Surgery personal data
Ensuring all IT systems, services and equipment used for storing data meet acceptable security standards
21 May 2018
Performing regular checks and scans to ensure security hardware and software is functioning properly
Evaluating any third party services Berry Lane Dental Surgery is considering using to store or process data, such as cloud computing services Approving any data protection statements attached to communications
Berry Lane Dental Surgery will provide training to staff to help them understand their responsibilities when handling data.
All data must be kept secure by taking sensible precautions and following the guidelines below.
Strong passwords must be used on all systems.
Personal data should not be disclosed to unauthorised people outside Berry Lane Dental Surgery.
Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted.
Staff should request help the Director if they are unsure of any aspect of data protection.
These rules describe how and where data should be safely stored.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. Data print-outs should be shredded and disposed of securely when no longer required
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly. If data is stored on removable media, these should be locked away securely when not being used.
Data should only be stored on designated drives and servers, and should only be uploaded to approved cloud computing services.
Data should be backed up frequently. These backups should be tested regularly.
All servers and computers containing data should be protected by approved security software and a firewall.
21 May 2018
The Regulations require Berry Lane Dental Surgery to take reasonable steps to ensure data is accurate and kept up to date. It is the responsibility of all staff implement this.
Data should be kept in as few places as necessary. Staff should not create any unnecessary additional data sets.
SUBJECT ACCESS REQUESTS
All individuals whose personal data is held by Berry Lane Dental Surgery are entitled to:
DISCLOSING DATA FOR OTHER REASONS
In certain circumstances, GDPR 2018 allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances Berry Lane Dental Surgery will disclose such data in response to a proven legitimate request, seeking assistance from the Company’s legal advisors where
21 May 2018
Denplan Essentials is an easy and straightforward way to pay for all your routine dental treatment such as check-ups and hygiene visits.Find out more
Not apprehensive about a visit.
Friendly, very helpful, waiting areas etc. Comfortable and very clean.
Efficient and understated.
Friendliness and courteous care.
Minimum waiting and prompt treatment in emergency.