Simplyhealth Professionals has produced a range of templates and draft policies to support its practices in preparation for meeting the enhanced data protection requirements coming into force on 25 May 2018. It has also been providing detailed information and guidance on the implication for practices of the new data regulations with a three part blog written by Roger Matthews, Honorary Life President and former Chief Dental Officer (https://www.denplan.co.uk/dentists/blog).

Between now and 25 May, the recommendations are that practices will need to:

  • Complete their data audit (as recommended by The Information Commissioner's Office (www.ico.org.uk/gdpr)

  • Check where back-ups are stored (ask your software provider/s)

  • Consider how to present Privacy Notices to patients

  • Consider revising their Data Protection and Information Security policies

  • Update their Cookie policy if they have a website

  • Carry out and document a Legitimate Interest Assessment (in simple terms how you lawfully process personal data)

  • Draw up a Data Breach policy and procedure (if not already done)

  • Appoint a Data Protection Officer.

To help with preparation, Simplyhealth has published several templates for members on their web portal in a GDPR toolkit. There are templates available for a Legitimate Interest Assessment, a Privacy Notice and a Data Breach. In each case it will be necessary for practices to consider how these templates should be adapted for their own particular circumstances and practice. Further resources will be published on the portal in the coming weeks in the form of a Cookie policy, a Data Retention policy, a Data Protection policy and an Information Security policy.

As the new law is still a Parliamentary 'work in progress' and subject to some further amendments, Simplyhealth Professionals intends to keep members fully updated on any further developments.