Customer and patient rights over their personal data

When you receive a request under data protection legislation, you should be able to identify and escalate it appropriately so that it can be facilitated. The pharmacy will only have one month to respond to the request, unless it is considered complex, manifestly unfounded or excessive.

The data protection rights are:

  • Right to be informed: customers and patients have a right to know how and why you process their personal data. Note that there are exemptions for when you are investigating criminal activities
  • Right of access: customers and patients have the right to access and receive a copy of their personal data and other supplementary information
  • Right to rectification: customers and patients have the right to have inaccurate personal data rectified, or completed if it is incomplete
  • Right to erasure: customers and patients have the right to have personal data erased (also known as the right to be forgotten)
  • Right to restrict processing: customers and patients have the right to request the restriction or suppression of their personal data
  • Right to data portability: customers and patients have the right to obtain and reuse their personal data for their own purposes across different services
  • Right to object: customers and patients have the right to object to the processing of their personal data in certain circumstances
  • Rights related to automated decision-making, including profiling: the data protection legislation has additional rules to protect customers and patients if you are carrying out solely automated decision-making that has legal or similarly significant effects on them

It is important to keep personal data confidential and to store it securely.

The pharmacy is firstly accountable to the customers and patients whose personal data it processes, but it is also accountable to the Information Commissioner’s Office (ICO) for any failures to protect personal data.

Data protection regulators have seen an increase in reports of breaches of data protection legislation. While reported cyber attacks have increased, the most commonly reported breaches are still the result of human error.

“Keep your pharmacy secure and make sure only authorised people can access the spaces where personal data is being processed”