GDPR implementation is just around the corner
Many pharmacies may not yet be ready for the implementation of tough new data protection rules, risking heavy fines in the case of a confidentiality breach, delegates at the Sigma conference heard. The implementation date for the General Data Protection Regulations (GDPR), coming in to force on 25 May, are “around the corner”, warned NPA’s Leyla Hannbeck, and fines for a data breach will be “hefty” - up to £10 million or two per cent of an organisation’s turnover.
The law, which apply across Europe, is "one step further" on current requirements imposed by the Data Protection Act, said Ms Hannbeck. Key new elements of the enhanced regulation are new rules regarding consent, and new obligations for all members of the team, who will be designated as ‘data controllers’ and ‘data processors’, she said.
Pharmacies will require a Data Protection Officer - recommended as being the superintendent pharmacist - and update procedures around consent for services.
“It is very important that the entire team is aware of data protection and individual rights and consent, because they will be having an important role to play here,” said Ms Hannbeck. “You need to have robust consent activity in your pharmacy,” she said, and suggests that pharmacies use a data protection impact assessment tool and update SOPs.
If a breach happens a Data Protection Officer will need to liaise with the Information Commissioners Office and do so within 72 hours.
Detailed advice on how to comply is expected from the NPA and PSNC, she advised.
With research suggesting a possible link between COVID-19 and EPs, make sure you’re confident discussing EPs and their treatment with customers