Book Now
Book Now

Data Security Policy

Data Security & Information Governance Policy

Green Street Dental Practice is committed to protecting the confidentiality, integrity and security of all personal and sensitive information held by the practice.

We take appropriate technical and organisational measures to ensure that patient information is stored securely and handled responsibly in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, NHS requirements and professional standards.

Our Commitment to Data Security

All members of the practice team understand their responsibility to maintain patient confidentiality and protect personal information.

Access to patient information is restricted to authorised individuals only and is provided strictly on a need-to-know basis for the purpose of delivering dental care, administration and regulatory compliance.

All staff receive appropriate training relating to confidentiality, cybersecurity, data protection and information governance.

Confidentiality

All employees, clinicians and contractors working with the practice are required to comply with confidentiality obligations and data protection requirements.

Patient information is treated as confidential and is only accessed where necessary for:

  • Providing dental care and treatment
  • Managing appointments and patient administration
  • Processing NHS and private dental claims
  • Meeting legal and regulatory obligations

Unauthorised access, disclosure or misuse of personal information is treated seriously and may result in disciplinary or legal action.

Physical Security Measures

We maintain appropriate physical security measures to protect patient records and practice systems.

These measures may include:

  • Restricted access to staff-only areas
  • Secure storage of paper records
  • Alarm systems and monitored premises
  • Controlled access to practice computers and devices
  • Secure disposal of confidential waste and documents

Patient information is only removed from the practice premises where absolutely necessary and appropriate safeguards are in place.

Digital & Computer Security

We use secure dental software systems and modern cybersecurity measures to protect electronic patient information.

Security measures may include:

  • Password-protected systems and user accounts
  • Encrypted systems and secure backups
  • Cloud-based security and storage protection
  • Firewall and antivirus protection
  • Multi-factor authentication where appropriate
  • Access logging and audit trails
  • Routine software and security updates
  • Secure data backup and disaster recovery procedures

We take precautions to reduce the risk of cyber threats, phishing attacks, malware and unauthorised access to systems and data.

Data Retention

Patient records are retained in accordance with NHS guidance, legal obligations and professional standards.

Adult dental records are generally retained for a minimum of 11 years after the last course of treatment.

Children’s records are normally retained until the patient reaches at least 25 years of age or longer where clinically necessary.

Data Breaches & Security Incidents

Any actual or suspected data breach, cyber incident, loss of information or unauthorised disclosure of patient information is treated seriously and investigated promptly.

Where required, incidents will be reported to the appropriate authorities, including the Information Commissioner’s Office (ICO), in accordance with legal obligations.

Third-Party Providers

The practice may use trusted third-party providers to support the operation of the practice, including:

  • Dental software providers
  • Cloud storage and backup providers
  • IT support providers
  • Website and hosting providers
  • Payment and finance providers

Where third-party providers process personal information on our behalf, appropriate agreements and safeguards are in place to ensure compliance with data protection requirements.

Business Continuity & Disaster Recovery

The practice maintains procedures designed to support business continuity and minimise disruption in the event of system failure, cyber incidents, fire, flood or other unexpected events.

This includes secure backup procedures and recovery processes designed to help protect patient information and maintain essential services.

Your Rights

Under UK GDPR, patients have rights relating to their personal information, including the right to:

  • Request access to personal information
  • Request correction of inaccurate information
  • Request restriction of processing in certain circumstances
  • Object to certain uses of personal information
  • Raise concerns regarding how information is handled

Contact Us

Green Street Dental Practice
244 Green Street
London
E7 8LE

Telephone: 020 8472 0504

If you have concerns regarding data security or confidentiality, please contact the practice directly.

You also have the right to contact the Information Commissioner’s Office (ICO):

https://ico.org.uk

Policy Review

This policy is reviewed periodically to ensure continued compliance with current legal, regulatory and cybersecurity requirements.

Last Updated: May 2026

Table of Contents