GDPR Update - Community Pharmacy Cumbria

On 4 May 2016, the GDPR was published in the Official Journal of the European Union and officially came into force on 24 May 2016.There is a two year implementation period and therefore, the GDPR will only be applicable from 25 May 2018. Perhaps the most seismic overhaul of data protection in the last 20 years, the implementation phase will allow organisations the opportunity to plan and prepare their strategy on how to comply with the GDPR.More background information is available on the European Commission’s website.

GDPR guidance documents

The following series of guidance documents has been created by the cross-sector Community Pharmacy GDPR Working Party (made up of PSNC, NPA, CCA, AIMp, RPS, CPPE and CPW) to assist community pharmacy contractors in working towards General Data Protection Regulation (GDPR) compliance.

Guidance for Community Pharmacy (Part 1): this should help contractors to understand the GDPR requirements, and it sets out the steps they will need to take to comply.
Guidance for Community Pharmacy (short version) (Part 2): this has been made available to assist with staff training.
Workbook for Community Pharmacy (Part 3): this contains a set of editable templates that contractors can use to show that they are meeting all the GDPR requirements.
FAQs for Community Pharmacy (Part 4): this provides simple answers to key questions on the GDPR.

GDPR Action Needed: Appointing a Data Protection Officer May 10, 2018

PSNC is now advising community pharmacy contractors to start making plans to appoint a Data Protection Officer (DPO), because it is likely that the UK Data Protection Act 2018 will require this.Yesterday (9th May) the Minister for Digital and the Creative Industries, Margot James MP, told the House of Commons that as primary care providers “process sizeable quantities of sensitive health data” then they should have “a single point of contact on data protection matters”.This followed campaigning by PSNC, the NPA and other primary care representatives, working with some MPs, to try to secure an amendment to the draft UK data protection legislation which would have meant that smaller pharmacies did not necessarily need to appoint a DPO.Therefore, whilst in the Guidance for Community Pharmacy (Part 1), we advised that community pharmacies ‘may also need to appoint aDPO’, PSNC must now advise that all contractors appoint a DPO as part of their journey towards compliance with the General Data Protection Regulation (GDPR) and the associated (currently draft) UK Data Protection Act 2018.

For more information visit GDPR Data Protection Officer

Phamoutcomes GDPR documents

Pharmoutcomes GDPR Assurance Statement

PharmOutcomes Technical and IG Specification v5.1