This CPD learning module is all about GDPR for Community Pharmacy.
We’re going to learn about what GDPR is, what it means for Community Pharmacy and what you can do as a pharmacy business to become fully GDPR compliant.
What is GDPR?
GDPR is short for the EU’s General Data Protection Regulation and is a policy that will replace the Data Protection Act in the UK. It is designed to update data protection for the data-driven world that we now live in, in which people readily give out their personal information in exchange for free services. It aims to give people more control over how organisations use their information and also to standardise data protection law across Europe.
The Information Commissioner’s Office (ICO) is the authority in the UK issuing general guidance to organisations about GDPR. You can access their documentation here.
Why was the GDPR created?
There are 2 main reasons for this.
Firstly, it’s to bring data protection law in line with how people’s data is being used in order to prevent use and abuse of this data. This is particularly important when considering big tech companies, such as Facebook, Apple and even Pharmacy2U, who deal with personal data on a very large scale.
The second reason is that redefining the data protection laws will give more clarity to organisations in dealing with personal data in the 21st century. It is predicted that this will collectively save organisations billions each year across the EU.
When will GDPR come into force?
Although the documentation for the regulation came into force back in May 2016, businesses and organisations who deal with personal data will need to be GDPR compliant by the 25th May 2018.
What does GDPR mean for Community Pharmacy?
GDPR applies to Community Pharmacies since they are controllers and processors of data
All “controllers” and “processors” of data will need to comply with GDPR. Since Community Pharmacies deal with patient data all the time, it means we will, of course, also have to comply. The good thing is that the protocols we already have in place for patient data protection are robust and so the changes you’ll have to make will not be exhaustive.
In saying this, pharmacy owners need to take GDPR very seriously because the government is looking to clamp down and introduce heavy fines to those businesses who are not complying.
Increased fines for non-compliance
It is thought that the ICO will have more power to impose serious fines of up to £18 million. I’m not sure a bill for that amount would go down well for business.
Notify authorities of data breaches
You’ll need to notify the authorities of any data breaches that happen as soon as possible or within 72 hours of the incident.
Data Protection Officer appointment
Some pharmacy organisations will need to appoint a Data Protection Officer (DPO) who will ensure the safe and effective management of data. This isn’t mandatory but should be considered if organisations are dealing with data on a large scale. DPOs will take responsibility for how data is processed within the organisation and for ensuring that it complies fully with the new guidelines. For example, they would periodically review how consent is being obtained to provide some pharmacy services, such as medication deliveries and EPS Nominations.
More control for patients
And lastly, your patients will have more control over their data. They will have the “right to be forgotten” which means they can ask you to erase their data under certain circumstances.
Now, there are more minor changes to data protection for Community Pharmacy you should be aware of that I will not list in this module. However, when preparing for compliance, you should understand what these changes will entail.
How to prepare your pharmacy for GDPR
It’s important to begin preparing right now if you haven’t already done so because there will be quite a few elements you’ll need to cover. Having done research, probably the best free resource to guide you through the steps needed to secure GDPR compliance for your pharmacy is the one from the PSNC. They have organised a workbook for you or your DPO to go through, which will help you greatly, and they have released a webinar that answers your most asked questions.
Another option for you could be the use of a third party to do most of the work for you. GDPR Tracker is a very respectable service designed to take the hassle out of becoming compliant. I’ve had a demo with their founder; the platform is tidy and, of course, it’s digital, meaning less paper and fewer folders in the pharmacy.
Here’s a video you can watch that shows you how it works: