Dentally and GDPR

General Data Protection Regulation (GDPR) require some changes in the way that a patient’s data can be stored and how that data is used. As such, Dentally has some additional features in order to allow your practice to conform.

Contact and Marketing Consent

Recalls and Appointment Reminders:

As before, the Email and SMS contact options allow you to state whether the patient has consented to allow your practice to contact them regarding their oral health via these methods. Even if you have the patient’s mobile number and email address, if these contact options are set to ‘No’, the patient will not receive recalls or automated appointment reminders by these methods. Recalls and appointment reminders should not be considered marketing communication as they are used to maintain the oral health of a patient, which is different under GDPR to marketing communication as exaplained below.

Marketing Consent:

Contacting the patient for the purposes of marketing is now something the patient needs to ‘opt in’ to before you can contact them.
In the patient’s Details tab, there is a specific option to state whether this patient has agreed to be contacted for any marketing purposes.


This opt in feature dictates purely whether you as a practice are allowed to contact them for anything other than regular contact regarding their dental care and no answer is essentially non consent; an explicit ‘Yes’ must be given before a patient can be contacted for marketing. This consent must be taken into consideration before contacting your patients with regards to any form of marketing. The answer given in this section is available as part of the patient reports and any search criteria used to obtain a list of patients from your database for the purposes of marketing should be filtered to those with a marketing consent option set to ‘Yes’. You should question any patient who has not yet given or refused consent to be contacted for marketing purposes.

Consent to marketing by the patient does not give consent for any party other than your practice to contact this patient by default, explicit permissions should be sought if you wish to share data outside your organisation.

Auditing Patient Consent
Changes to a patient’s contact consent can be audited by clicking the ‘i’ icon next to the marketing consent information in their Details tab. This option will display any changes to the patient’s consent to be contacted via SMS, Email or for marketing purposes along with when that change was recorded.


The ‘Right to be Forgotten’

As well as being able to archive a patient’s record in Dentally where the patient’s full details and clinical history can still be searched and viewed, the patient now has the right to request that their records be removed entirely where that data is stored on the basis of consent.

When storing clinical records you do not need patient’s consent as the legal basis for storing and processing that data. There are six different reasons why you might be storing data, more information can be found on the ICOs website

Should you wish to permanently delete a patient record that you no longer need to keep then this action is carried out from the More menu at the top right of the patient’s Details tab, where the option to archive is also to be found. This option is restricted to Administrator users only and once selected requires the user to confirm their action and then enter their Dentally password as an added layer of security. The patient’s records will then be fully deleted from Dentally after 7 days. If you wish to cancel the scheduled deletion of a patient simply unarchive the patient within 7 days of clicking “Delete record”. Once the 7 day perio is over the record will permanently deleted with no way to recover it.



Last updated on 17th August 2018