GDPR exemptions refused by Government

GDPRMinisters have refused to make exemptions to the Data Protection Bill for small NHS providers.

The British Dental Association (BDA), along with other healthcare associations, has recently been asking for exemptions to the Bill, asking that primary care providers be exempt to the requirement to have a data protection officer.

The Government yesterday rejected these amendments, however the BDA will continue to lobby for the change.

‘Although I have sympathy with amendments 18 and 19, primary care providers are different from parish councils in that they process sizeable quantities of sensitive health data, whether that be an ​individual’s mental health status, the fact that they are pregnant, or details of their prescription for a terminal illness,’ Margot James, Minister for Culture, Communications and Creative Industries, said.

‘All of these matters are highly personal, and in the world of health, data protection is rightly paramount.

‘The Dean Street Express case in 2015 illustrates the potential harm that even a single data breach can cause.

‘In that incident, the names and email addresses of almost 800 people, many living with HIV, were disclosed to other recipients.

‘It does not seem unreasonable that bodies who process that kind of data should have a single point of contact on data protection matters.’

You may also be interested in:

Data protection officer

EU GDPR doesn’t require dental practices to have a data protection officer but the UK Government has included this in the Data Protection Bill.

A group of four cross-party MPs – Christine Jardine, Shadow Health Minister Julie Cooper, former Health Minister Norman Lamb and Alex Cunningham – co-sponsored amendments that would have prevented the need for data protection officers in high-street providers.

They claim that most dentists aren’t processing healthcare data ‘on a large scale’.

‘The rejection of these tabled amendments is not only disappointing but allows the widespread confusion over GDPR to carry on,’ Neel Kothari told

‘For many smaller practices, this simply adds to the ever-growing burden that comes with running a business.

‘I fear for some it may be the tipping point leading to early retirement, but only time will tell.’


The only exemption the Government granted was to parish councils, as they were considered to process minimal amounts of sensitive data.

Some BDA members have reported that some practices are being quoted sums up to £15,000 to outsource data protection officer duties and responsibilities.

Under the new Bill, a dental protection officer should be in place by 24 May 2018.

Get the most out of your membership by subscribing to Dentistry CPD
  • Access 600+ hours of verified CPD courses
  • Includes all GDC recommended topics
  • Powerful CPD tracking tools included
Register for webinar
Add to calendar