GDPR and community pharmacy
What is GDPR?
On the 25th of May 2018, the new European privacy regulation called the General Data Protection Regulation (GDPR) will come into effect.
This act will be replacing the Data Protection Directive 95/46/EC. It will apply to all companies processing personal data and is aimed at protecting EU citizens from breaches of privacy and personal data. It will continue to apply after Brexit.
How will this affect my pharmacy?
Compliance is not a choice. This means that all pharmacy contractors will need to demonstrate compliance with data protection principles as well as the contained legislation.
In the case of pharmacies, this means providing a privacy notice to customers whose personal data is collected as well as having data protection guarantees in place with anyone who processes personal data for the pharmacy, such as a patient medication record supplier.
What can I do to prepare?
PSNC has published a series of guidance documents to assist community pharmacy contractors in working towards General Data Protection Regulation (GDPR) compliance.
The materials, created by the cross-sector Community Pharmacy GDPR Working Party, discuss each of the different elements of the GDPR and how they apply to community pharmacy.
They consist of:
- Guidance for Community Pharmacy (Part 1): this should help contractors to understand the GDPR requirements, and it sets out the steps they will need to take to comply.
- Guidance for Community Pharmacy (short version) (Part 2): this has been made available to assist with staff training.
- Workbook for Community Pharmacy (Part 3): this contains a set of editable templates that contractors can use to show that they are meeting all the GDPR requirements.
- FAQs for Community Pharmacy (Part 4): this provides simple answers to key questions on the GDPR.
The GDPR Working Party has created the mnemonic DATAPROTECTED, giving 13 steps as the route to compliance:
- Decide who is responsible
- Action plan
- Think about and record the personal data you process
- Assure your lawful basis for processing
- Process according to data protection principles
- Review and check with your processors
- Obtain consent if you need to
- Tell people about your fair processing notice
- Ensure data security
- Consider personal data breaches
- Think about data subject rights
- Ensure privacy by design
- Data protection impact assessment
For a better understanding, make sure to sign up for PSNC's webinar on the 12th of April here: