Data protection in times of COVID-19

Naomi Korn, Managing Director, Naomi Korn Associates, talks about the key considerations during the COVID-19 outbreak.


Working remotely presents new data protection security risks, with staff using their own equipment and communicating on public platforms such as Zoom.

If staff have been furloughed, make sure that any potential data breaches and Subject Access Requests are monitored and a process put in place to respond to them accordingly.

Ensure that staff, contractors and others who work for or on behalf of your organisation are aware of their roles and responsibilities in terms of legal compliance and home working. Webinars and/or update emails are useful examples of ways to make sure that levels of awareness remain high.

Update your online Privacy Notice/s and any other privacy statements to take into account new ways of processing personal data and different platforms and systems that you might be using.

Do not save personal data unless there is a reason to do so. This means deleting emails as necessary, and not storing personal information.

General Data Protection Regulation (GDPR) and record-keeping requirements

Glenys Bridges talks about the importance of record-keeping relating to the GDPR.


GDPR specifies record-keeping responsibilities for data controllers and data processors to record the types of information held, the legal basis for keeping data, arrangements for ensuring data are secure and team training in handling data lawfully.

The data controller is the individual or legal person who determines purposes and processes for handling personal data in practice.

A data processor is any person who processes data on behalf of the data controller.

Q&A: What are the new data protection regulations?

Q. What are the new data protection regulations?

A: As of May 2018, all dental practices will need to be compliant with GDPR (the General Data Protection Regulation). This will relate to data processing, information security and record retention.  Without it you may be in breach of the GDPR and could face penalties. As a result of this new framework all practices must register a Data Controller (usually the practice owner or manager) with the Information Commissioner’s Office (ICO).  The data controller will be responsible for all data security/processing and ensuring that the practice is GDPR compliant.

Getting ready for the General Data Protection Regulation

Getting ready for the General Data Protection Regulation


The new GDPR is designed to strengthen and unify the safety and security of all data held within any organisation, including dental practices.

All staff need to be aware that the Data Protection Act (DPA) is changing to the GDPR, how this will affect dental practices and the impact that this will have.

Dental practices should carry out an information audit and document what personal data they hold on staff and patients, where it came from and whom it is shared with.

Procedures should be in place for detecting, reporting and investigating data breaches.