April 11, 2018

GDPR guidance for community pharmacies

The guidance produced by the PSNC discusses each part of the GDPR legislation and how it will apply to the community pharmacy sector.

PSNC has divided their guidance into the following sections:

  • Guidance for Community Pharmacy (Part 1): this should help contractors to understand the GDPR requirements, and it sets out the steps they will need to take to comply.
  • Guidance for Community Pharmacy (Part 2): this has been made available to assist with staff training.
  • Workbook for Community Pharmacy (Part 3): this contains a set of templates that contractors can use to show that they are meeting all the GDPR requirements.
  • FAQs for Community Pharmacy (Part 4): this provides answers to key questions on the GDPR.

DATAPROTECTED

To assist contractors in dealing with the legislation going forward, the PSNC has come up with the mnemonic DATAPROTECTED, as a short cut guide to compliance:

  • Decide who is responsible
  • Action plan
  • Think about and record the personal data you process
  • Assure your lawful basis for processing
  • Process according to data protection principles
  • Review and check with your processors
  • Obtain consent if you need to
  • Tell people about your fair processing notice
  • Ensure data security
  • Consider personal data breaches
  • Think about data subject rights
  • Ensure privacy by design
  • Data protection impact assessment

Next Steps

PSNC concludes that whilst GDPR brings a new approach to data protection, because of historic good practice, pharmacy teams are already used to managing personal data and are already subject to considerable information governance (IG) requirements.

However PSNC will hold two live webinars in early April where they will talk contractors through the information given in their guidance documents.

Register for the webinars at: psnc.org.uk/webinar

Share on: