General Data Protection Regulation (GDPR)

See Countries.

The European Union passed a regulation known as General Data Protection Regulation in 2016 that is fully enforceable as of May 25, 2018.See https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679 for the full law.

We have read the full text of the law and have determined that the Open Dental Software program does not need to be 'certified', as there is no 'certified' designation, certification process or regulation. Our understanding is that Open Dental Software program itself does not violate GDPR, but that each individual will need to evaluate his/her use of the program as it pertains to the law.*

We always encourage the protection of personal data in compliance with law. We recommend the following:

• Encrypt the database data at rest. See Encryption of Data 'at rest' and 'in transit'.
• Encrypt the drive containing the AZ folder. See BitLocker Drive Encryption.
• Do not send, use, store, transmit or backup data in an unencrypted manner.
• Do not use third party services that might expose or even unnecessarily process patient data.

Previously, Open Dental had blocked the use of certain eServices for customers located in the European Union. As of May 23, 2019 we have removed these limitations based on our updated understanding of the GDPR rules. Our previous interpretation concluded that any transmission of protected data was equivalent to “transferring” and therefore prohibited. However, per the following UK government sponsored website, data in transit that has been routed through a non-European Economic Area (EEA) country is not equivalent to data that has been transferred to a non-EEA country. See: International Transfers – ICO.ORG.UK.

eServices will be permitted going forward for our EU customers. These services allow patients in the EEA to send information and communicate with their providers, also in the EEA. The data is transmitted via our servers in the United States and will be permitted going forward because the data is not 'transferred' to the United States.

Be aware there are still ways to use Open Dental products that could violate the GDPR. It is the responsibility of each office to understand local laws and how best to follow them. Examples of potential violations that are outside the control of Open Dental Software Inc include:

• Emailing your database to a friend or colleague.
• Selling patient data to a market research firm.
• Sending text messages that contain protected data.
• Allowing EEA residents to sign up through the web portal for offices outside the EEA.
• Taking pictures of people in your office without obtaining permission.

Please Contact Us if you believe any of this information is in error, or you require additional clarification.

See Conversions for special considerations for conversions from EU countries.

*We are not lawyers and do not provide legal advice. Please consult your legal team for regulation specifics and how they apply to your use of Open Dental Software.