The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, enhances the rights of individuals in relation to the protection of their personal data and places greater responsibilities on organisations/businesses about how they treat personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability in relation to the data protection principles now in place.
Given the sensitivity of health-related information, it is imperative that healthcare professionals are clear about their use of personal data and continue to consider and maintain the confidentiality of patients’ information. Therefore, all pharmacies must have proper data protection arrangements in the interest of their patients, as well as their employees. Any employed pharmacist should expect to work in line with their employer’s governance arrangements in relation to the updated data protection requirements, and be supported to do so.
Changes under GDPR and data protection legislation, mean that the previously published PSI Guidance on Data Protection for Pharmacists is no longer current. Following a review, we have taken the decision not to replace the guidance, which was designed originally to give pharmacists some support in their compliance with data protection legislation. The guidance has been removed from our website, and you should also remove the guidance from the Pharmacy Practice Guidance folder in your pharmacy.
The
Data Protection Commission is responsible for upholding the rights of individuals in relation to their data processing. Both the Commission’s own website and their
GDPRandYou website have extensive information and resources available about data protection rights and responsibilities, and the Data Protection Commission also accepts queries via their website. The PSI is not in a position to give advice to others about data protection.