3D intraoral scan and diagnostic plaster model under General Data Protection Regulation - Legal protection.

No legal subsumption of dental impressions, plaster models and intraoral scanning has been attempted yet. It should be examined to what extent the General Data Protection Regulation (GDPR) applies to them. The aim of this study is to legally classify 3D intraoral scans and plaster models prepared on the basis of alginate impressions within the context of personal data safety and determination of legal protection applicable to their use. The authors set the deliberations concerning legal protection of plaster models and 3D intraoral scans in the light of recently published articles regarding palatal rugae pattern stability, thus enabling accurate personal identification regardless of age or dental treatment. The deliberations concerning legal protection will be based on the analysis of the international legal acts, in particular GDPR. The intraoral scan constitutes biometric data, because it is information about a natural person - a patient is identifiable on the basis of elements defining physical identity. The plaster model itself does not constitute personal data. However, both of them constitutes medical documentation. The biometric data must be processed in a manner compliant with the GDPR provisions. The GDPR shapes only aims which should be attained. When creating a data safety system, ISO or NIST standards may help to ensure the proper level of protection against possible liability resulting from breaches in the scope of personal data processing.