Top mistakes we’ve encountered during the dental GDPR update frenzy
This blog will be published on or around deadline day for GDPR – 25th May, and so you could say it’s a little late with its advice. However, given that the data police are unlikely to be storming the doors of small businesses immediately, there’s still time to give the new legislation the attention it deserves and get your business fully compliant.
Over the last three months we’ve updated hundreds of websites for dental clients, plus some where our competitors refused to update their own client’s websites unless they paid large fees over-and-above the huge monthly maintenance fees they were already paying! But that’s another story….
So what have we encountered in our many discussions with dentists over the last few months and what can you learn? This will not be specific advice about policies and procedures, more about observations and attitudes regarding the new (and important!) legislation.
Some practices are still not aware!
This might be hard to believe but even in the last few days, we’ve encountered quite a few instances where dentists are simply not aware of the pending legislation and consequently haven’t done anything. This suggests that they’ve ignored our advisory emails and probably countless others, over the last year or so. This is hard to fathom but it is happening. If this is you, the good news is that there is still time. It is unlikely that the data police will come calling immediately, so there is still chance to research and get the necessary systems, training and procedures in place. But don’t delay!
A number of principal dentists have delegated the responsibility
What I mean by this is that in quite a lot of cases, business owners appear to have delegated the responsibility for bringing the practice into compliance, on to more junior members of staff. And not always to good effect. The legislation is quite complex and open to interpretation – and misinterpretation, and needs a diligent, experienced “head” to understand and guide its implementation. In numerous cases we’ve taken calls from confused junior team members who frankly had little idea about what they were trying to achieve and who clearly felt “dropped in it”. For example, several calls where the individuals concerned asked if we were going to update their patient list with regard to the new legislation! Whilst we can advise about how to do this, it’s clearly outside of our remit to actually undertake tasks like that.
Given that the legislation is so important and far-reaching, it’s incumbent on senior members of staff to get fully involved and satisfy themselves that the business would be robust in the face of inspection.
Some practices have completely ignored advice
There are around 30% of our clients who are clearly “busking” it and hoping that the changes won’t affect them i.e. they are ignoring advice to update websites, use encryption where appropriate, add new privacy policies etc. Clearly we can only advise and not mandate such changes, but it’s quite surprising to see a relatively large number of businesses simply keeping their heads down.
There’s still time to act!
As we publish this blog, deadline day for GDPR will be upon us. If you are still in the early days of adapting your business to comply, or perhaps you are only now just realising that you haven’t done anything yet, then all is not lost. GDPR is still in its infancy and in the words of the overseeing Government bodies, still liable to change. So the chances of someone challenging you immediately are fairly slight. However unlikely, you *could* be challenged and you would also be operating outside of the law – no doubt many of your patients will be aware of the requirements too, and expecting to see you complying. So if you haven’t done so already, now is the time to act!
For compliance issues with regards to your practice website or marketing, please get in touch with the Dental Media team on 01332 672548 and we’ll be pleased to help.Google+