How We’ve Implemented GDPR For Our Dental Practices (2018)

As you may be aware, from the 25th May, the GDPR is bringing in new compliance rules that all EU businesses must follow.

In a nutshell – the rule of thumb is:

“If the business’ aim outweighs the risk of data protection, you can contact them.” That sounds a bit confusing, but think about it: if someone calls you, or walks in to the practice, they have initiated contact, which justifies further communication.

Get GDPR Compliant

To ensure we are compliant, we have added a mandatory ‘opt-in’ tick box to all contact forms across our clients’ websites – as well as our own!

This effectively acts as a contract between any potential patient and the business to say that the user “wishes to receive further contact from you, and gives permission for you to use the data” by ticking this box.

We have also added an updated, 2018 Cookie Policy to the footer of all our clients’ websites – so that current and potential patients can see how and why we use Cookies (with a few more helpful links if you want to learn more!).

Other than the changes that we can implement on behalf of our fantastic clients, if you are a dental practice owner reading this post, it is very important to note that if you send anything more than appointment reminders to patients (for example offers, newsletters, or emails to non-patients or previous patients), then you will now need to re-gain consent from those people.

The best way to do this is to contact your newsletter/mailing list software, and ask for their advice on sending out an ‘opt in/opt out’ mailshot, just like this:

Click Here to Opt In

Finally – don’t forget the importance of ensuring that these rules also apply to your in-house systems and paper forms.

  • Upon registering a new patient, you should add a mandatory tick box to your iPad/paper forms stating that the patient wishes to receive further contact from you ‘by ticking this box’.
  • It must be made clear that if a registered patient does choose to ‘opt out’ (or doesn’t tick the box) that they will still receive appointment updates and reminders via phone/text or email.  

With regard to those who opt out – GDPR states that you must ensure that ALL RECORDS, both paper and digital, of that person’s details are either anonymised (replacing their personal info on your records with gobbledygook!), or removed completely from your records.

To anonymise a patient, just change from this:

From This

To this:

To This

…that way – any end of year analysis, summarising data, or patient value can be kept on record!

For more information on the new GDPR regulations, visit:

Or if you’d like us to take a look at your website, and ensure it meets the guidelines above, then get in touch! Email [email protected] with the URL of your website and we’d be happy to take a look.
