What is the UK GDPR?
The UK GDPR is a law originating from the EU General Data Protection Regulation (EU GDPR) that sets rules on how data relating to individuals (personal data) can be collected, stored and used. The UK GDPR works in tandem with the Data Protection Act 2018. Together, they set out the rules you need to follow when processing personal and special category data. The UK GDPR also sets out what happens when you don’t follow the rules when processing personal data.
You may also have heard about a new data protection bill being discussed by the UK Government to replace the UK GDPR. This new legislation is to be called the Data Protection & Digital Information (No. 2) Bill. Whilst some suggest that it will come into force in mid-2024, the UK Government has provided assurances that those who are compliant with the UK GDPR would not need to significantly change their approach to be compliant with the new legislation.
Pause to reflect
Consider how your pharmacy applies data protection principles by asking yourself the following questions:
- How does your pharmacy collect and process data?
- Do you tell customers/patients about how you process their data?
- Do you have a privacy policy that provides information on how and why you collect personal data and special categories of data?
- Are your online systems protected against loss, alteration or destruction of data?
- Do you provide training to your employees to ensure that they can process personal data in line with the requirements of data protection legislation?
- Do you regularly update your data protection policies and undertake risk assessments that feed into your privacy programme?
Remember: special categories of personal data present special risks for pharmacies and you should have adequate security arrangements that provide extra protections for this type of data.