Introduction

It is estimated that approximately 30 per cent of data generated worldwide can be attributed to the healthcare sector. With pharmacies offering a range of services, including an increasing number of services being offered online, the amount of data being processed is only going to increase.

Pharmacies process personal data, which includes contact details and payment details, but also more high risk, sensitive personal data, which for data protection purposes is known as ‘special category’ personal data. Special category personal data includes information relating to medical reports, prescriptions and other health data from both adults and children.

Generally, the awareness of individuals’ rights under data protection legislation has increased over the last few years. However, some businesses, including pharmacies, are still falling short of their obligations under the data protection legislation.

The data protection legislation, which includes the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), is there to hold businesses to account and make the world of data more transparent and, from the pharmacy’s perspective, they are incredibly important, given the risk of non-compliance.

European and UK data protection regulators have imposed some eye watering fines since 2018 for breaches of data protection legislation.