Dental Website Strategies that Work Under GDPR

So far in our series, “Demystifying GDPR for Dental Practitioners” we’ve discussed many aspects of the GDP and its relation to the work of dental practices. Today we tackle the dental practice website. Nowadays any respected and well-promoted dental practice has a website providing basic information, contact forms and presenting the stuff. Under GDPR additional requirements need to be implemented into said website, mainly concerning the very controversial Cookies, that collect personal data of users that you need consent for.

Breach notification

Under the GDPR compliance, if your website experiences a data breach of any kind, your users need to be made aware of the breach. Therefore you need to monitor the security of your website.

Data collection, processing and storage

  • It is a requirement to have a good privacy policy in place. Furthermore, it has to be specific to your business, not just copy and paste from another website. 
  • You need to provide an easy method for people to request the information you hold on them (also known as Subject Access Request – SAR)
  • The users have the right to correct the information, in case there is a mistake in it
  • ‘Cookies’ are covered under the ‘ePrivacy regulation’, separate from GDPR


  • Secure servers such as SSL, HTTPS are not specifically covered by the GDPR, however, if you choose to use these host providers, you (and your visitors) can’t be certain that your data/ content is secure. 
  • The majority of referral forms on websites currently send the information via email to the practice. Therefore the data travels ‘insecurely’ over the internet from the form to your email account. To ensure the security of data a ‘secure form’ system whereupon the data is not transmitted, but merely ‘stored on the secure server’, and can only be downloaded using a specific password, is ‘best practice’.

Cookie Policy

Most websites track the people who visit them to learn more about their behaviour and preferences allowing targeting them with specific ads usually through Google AdWords. In order to fulfil the GDPR requirements, your Cookie Policy needs to be updated accordingly. It is advised that the users are given the right to consent for these and nothing should be pre-ticked beforehand.

Social Media 

 Social media sites collect all kinds of data on users and if you’re redirecting them to your channels via your website, you need to add in your Privacy Policy that once they leave your site you’re not responsible for their data. If you and your dental practice experience some issues with this, do not hesitate to contact our well-trained and experience professionals to help you!

Online Ads and New Patient Enquiry Rules

If someone responds, for example, to a landing page, filling in personal details to receive a service such as a free consultation, the person has given his/her consent for you to contact them for that specific purpose. However, an online lead from an email marketing campaign, Facebook or Twitter ad, or something similar requires you to explicitly obtain permission in some manner to contact them. An easy way is an opt-in button for permitting contact for marketing and promotional purposes.

The GDPR requires you to maintain a record of where you received the data, and a means of retrieving it should the patient or prospective client ever request the information.

Disclaimer: The content of this article is intended to provide a general guide to the subject matter, it is not legal advice and should not be treated as one. Specialist advice should be sought about your specific circumstances.

7 thoughts on “Dental Website Strategies that Work Under GDPR

Leave a Reply

Your email address will not be published.