What do you need to do to keep data secure?

Article 5(1)(f) states that personal data shall be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

With human error being one of the biggest causes of data breaches, it is important that you and your employees keep personal data secure.

To keep data secure, you could consider implementing the following:

• Look after personal data like it was your own
• Make sure the data being used is accurate and up to date
• Do not obtain or record more information than you need
• Keep your pharmacy secure and make sure only authorised people can access the spaces where personal data is being processed
• Do not save personal data on your desktop
• Use a secure database to save personal data
• Use a good password, and not something that someone else could guess. Use upper case and lower case letters, special characters and numbers
• Use a different password for different systems
• Do not let other people know your password
• Avoid leaving papers or electronic devices lying around; have a clean desk
• Lock your screen when you are away from your desk
• Avoid talking about confidential matters when unauthorised third parties may be able to hear
• Check that email addresses and postal addresses are correct before sending any documents
• Do not leave documents on a printer
• Do not take paper documents containing personal data out of the pharmacy
• Try not to use paper documents – save data on a secure database instead
• Adhere to retention periods
• Do not save personal data in multiple places
• Use a confidential waste bin or destroy documents and hardware in a way that means they can no longer be read or used
• Be aware of viruses or malware from the internet; make sure you keep your virus protection up to date
• Be cautious when you open emails. If the email does not look legitimate, do not risk opening it
• Be aware of spam emails or suspicious emails, especially when they have an attachment or ask you to do something you would not normally do as part of your role.

All pharmacy employees and management have a significant role to play to protect the personal data of customers and patients. Everyone must be accountable to each other to ensure this.

Accountability is demonstrated by observing obligations and promoting good practices under company policies. It is also important that you can evidence your compliance with data protection legislation for processing personal data. This evidence includes having policies that address personal data, as well as procedures, frameworks and an ongoing governance programme. It also means undertaking and documenting a continuous assessment of risks associated with the businesses processing of personal data and being able to demonstrate reacting appropriately to those risks, including ensuring that all staff are trained, not just in general data protection compliance but specifically with regard to the risks faced by your business.

It is important that you maintain a good and robust governance structure, one which ties your data protection programme and frameworks in with your risk profile. This will not only enable you to anticipate changes coming through the business but it will also allow you react.