The Data Protection Officer is primarily an advisory role.
- may be a pharmacist or another suitable person, inside or outside of the pharmacy, but with knowledge of the particular community pharmacy
- have ‘expert’ knowledge of data protection and associated legislation, as this relates to community pharmacy
- have a thorough understanding of the Information Commissioner’s Office and Information Governance Alliance guidance on their role
- the DPO is identified on the Privacy Notice
- must not be a person who decides the purposes and means of processing
- the DPO must be independent, adequately resourced, and report to the highest management level
- in some cases, several organisations can appoint a single DPO between them
- DPOs can help you demonstrate compliance and are part of the enhanced focus on accountability
- further guidance on the role of the DPO is available from the ICO and NHS Digital’s Information Governance Alliance (IGA).