This CPD learning module is all about GDPR for Community Pharmacy.

We’re going to learn about what GDPR is, what it means for Community Pharmacy and what you can do as a pharmacy business to become fully GDPR compliant.

What is GDPR?

GDPR is short for the EU’s General Data Protection Regulation and is a policy that will replace the Data Protection Act in the UK. In the data-driven world that we now live in, it is designed to update data protection in which people readily give out their personal information in exchange for free services. It aims to give people more control over how organisations use their information and but also to standardise data protection law across Europe.

The Information Commissioner’s Office (ICO) is the authority in the UK issuing general guidance to organisations about GDPR. You can access their documentation here.

Why was the GDPR created?

There are 2 main reasons for this.

Firstly, it’s to bring data protection law in line with how people’s data is being used in order to prevent use and abuse of this data. This is particularly important when considering big tech companies, such as Facebook, Apple and even Pharmacy2U who deal with personal data on a very large scale.

The second reason is that redefining the data protection laws will give more clarity to organisations in dealing with personal data in the 21st century. It is predicted that this will collectively save organisations billions each year across the EU.

When will GDPR come into force?

Although the documentation for the regulation came into force back in May 2016, businesses and organisations who deal with personal data will need to be GDPR compliant by the 25th May 2018.

What does GDPR mean for Community Pharmacy?

GDPR applies to Community Pharmacies since they are controllers and processors of data

All “controllers” and “processors” of data will need to comply with GDPR. Since Community Pharmacies deal with patient data all the time, it means we will, of course, also have to comply. The good thing is that the protocols we already have in place for patient data protection are robust and so the changes you’ll have to make will not be exhaustive.

In saying this, pharmacy owners need to take GDPR very seriously because the government is looking to clamp down and introduce heavy fines to those businesses who are not complying.

Increased fines for non-compliance

It is thought that ICO will have more power to impose serious fines of up to £18 million pounds. I’m not sure a bill for that amount would go down well for business.

Notify authorities of data breaches

You’ll need to notify the authorities of any data breaches that happen as soon as possible or within 72 hours of the incident.

Data Protection Officer appointment

Some pharmacy organisations will need to appoint a Data Protection Officer (DPO) who will ensure the safe and effective management of data. This isn’t mandatory but should be considered if organisations are dealing with data on a large scale. DPO’s will take responsibility on how data is processed within the organisation and that they are complying fully with the new guidelines. For example, they would periodically review how consent is being obtained to provide some pharmacy services, such as medication deliveries and EPS Nominations.

More control for patients

And lastly, your patients will have more control over their data. They will have the “right to be forgotten” which means they can ask you to erase their data under certain circumstances.

Now, there are more minor changes to data protection for Community Pharmacy you should be aware of that I will not list in this module. However, when preparing for compliance, you should understand what these changes will entail.

How to prepare your pharmacy for GDPR

PSNC

It’s important to begin preparing right now if you haven’t already done so because there will be quite a few elements you’ll need cover. Having done research, probably the best free resource you can use that will guide you through the steps needed to secure GDPR compliance for your pharmacy is by the PSNC. They have organised a workbook for you or your DPO to go through which will help you greatly and they have released a webinar that answers your most asked questions.

Click here for PSNC resources

Click to watch the webinar

GDPR Tracker

Another option for you could be the use of a 3rd party to do most of the work for you. GDPR Tracker is a very respectable service designed to take the hassle out of becoming compliant. I’ve had a demo with their founder, the platform is tidy and of course, it’s digital, meaning less paper and folders in the pharmacy.

Here’s a video you can watch that show’s you how it works:

Sign up for a free GDPR Tracker account here.

NPA

I’ve also attached some slides designed by the NPA to this learning module which has more information on GDPR for Community Pharmacy that you can take a look at.

Download slides here

GDPR for Community Pharmacy and the Future

I’m really happy that GDPR is coming into force. It’s going to help keep my personal information safer, in the right hands and give me a bit more control as to how it’s firstly obtained and what is done with it. I might even see a reduction in spammy emails which will be a huge bonus!

For Community Pharmacy, data protection needs to remain as an important priority. We’re not dealing with simple data like an email address. We’re dealing with patient data that is very personal and extensive at times. We have to ensure robust procedures are in place to keep this data safe and secure, and as we head further into the digital age, we will no doubt be dealing with more varieties of data.

As always, I’m more than happy to talk to you about GDPR and data protection so don’t hesitate to get in touch.

Saam.