Botched new Data Protection Act could slap £2k bill on small NHS providers

The British Dental Association (BDA), Optical Confederation and Pharmaceutical Services Negotiating Committee (PSNC), writing on behalf of 40,000 dentists, 11,500 community pharmacies, and 19,000 optometrists and dispensing opticians, have said the Data Protection Bill – due to start its progress through the House of Commons on  March 5– will, as currently drafted, slap significant extra costs on small providers.

In a joint letter, the groups have called on minister for digital and culture, Margot James, to drop plans to require all NHS providers to appoint a data protection officer (DPO) – which goes well beyond the requirements of the General Data Protection Regulation (GDPR). The Regulation only requires a body to appoint a statutory DPO if it is a public authority or if it processes certain categories of data, including healthcare data “on a large scale”, such as a hospital.

Health leaders have been working closely to lobby for changes for some months, as it became clear that small practices could be forced to hire additional staff or buy in additional services to fulfil this new requirement, at significant extra cost which could eventually have to be met by the NHS or patients.