PSNC publishes GDPR guidance for community pharmacies
PSNC has today published a series of guidance documents to assist community pharmacy contractors in working towards General Data Protection Regulation (GDPR) compliance.
The materials, created by the cross-sector Community Pharmacy GDPR Working Party, discuss each of the different elements of the GDPR and how they apply to community pharmacy.
They consist of:
Guidance for Community Pharmacy (Part 1): this should help contractors to understand the GDPR requirements, and it sets out the steps they will need to take to comply.
Guidance for Community Pharmacy (short version) (Part 2): this has been made available to assist with staff training.
Workbook for Community Pharmacy (Part 3): this contains a set of editable templates that contractors can use to show that they are meeting all the GDPR requirements.
FAQs for Community Pharmacy (Part 4): this provides simple answers to key questions on the GDPR.
All the guidance documents can be downloaded from: ow.ly/GRs130jchmW
Contractors should be reassured that whilst GDPR brings a new approach to data protection, much of what becomes mandatory has been good practice in the past and pharmacy teams are used to managing personal data and are subject to considerable information governance (IG) requirements already.
Given the upcoming deadline for completion of the IG Toolkit (31st March 2018), any contractors who have not yet completed the IG Toolkit should do so immediately, and PSNC recommends that this is done before you start thinking about GDPR.
To keep things as straightforward as possible, the new guidance is underpinned by the mnemonic DATAPROTECTED, giving 13 steps as the route to compliance:
Decide who is responsible
Action plan
Think about and record the personal data you process
Assure your lawful basis for processing
Process according to data protection principles
Review and check with your processors
Obtain consent if you need to
Tell people about your fair processing notice
Ensure data security
Consider personal data breaches
Think about data subject rights
Ensure privacy by design
Data protection impact assessment
As everybody is still getting to grips with the GDPR, there is much still to be clarified both before and after the 25th May 2018; in her blog, the Information Commissioner Elizabeth Denham admits that “GDPR compliance will be an ongoing journey”. Therefore, this guidance should be considered a starting point and we will update it as issues are clarified.
The working party is also happy to accept questions, which may be sent to any of the member organisations and selected questions with answers will be added to the FAQs document.
Contractors are reminded that PSNC will hold two live webinars in early April and most of the time will be dedicated to guiding contractors through the information given in these guidance documents. Register for the webinars at: psnc.org.uk/webinar
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.