On 4 May 2016, the GDPR was published in the Official Journal of the European Union and officially came into force on 24 May 2016.There is a two year implementation period and therefore, the GDPR will only be applicable from 25 May 2018. Perhaps the most seismic overhaul of data protection in the last 20 years, the implementation phase will allow organisations the opportunity to plan and prepare their strategy on how to comply with the GDPR.More background information is available on the European Commission’s website.
GDPR guidance documents
The following series of guidance documents has been created by the cross-sector Community Pharmacy GDPR Working Party (made up of PSNC, NPA, CCA, AIMp, RPS, CPPE and CPW) to assist community pharmacy contractors in working towards General Data Protection Regulation (GDPR) compliance.
GDPR Action Needed: Appointing a Data Protection Officer May 10, 2018
PSNC is now advising community pharmacy contractors to start making plans to appoint a Data Protection Officer (DPO), because it is likely that the UK Data Protection Act 2018 will require this.Yesterday (9th May) the Minister for Digital and the Creative Industries, Margot James MP, told the House of Commons that as primary care providers “process sizeable quantities of sensitive health data” then they should have “a single point of contact on data protection matters”.This followed campaigning by PSNC, the NPA and other primary care representatives, working with some MPs, to try to secure an amendment to the draft UK data protection legislation which would have meant that smaller pharmacies did not necessarily need to appoint a DPO.Therefore, whilst in the Guidance for Community Pharmacy (Part 1), we advised that community pharmacies ‘may also need to appoint aDPO’, PSNC must now advise that all contractors appoint a DPO as part of their journey towards compliance with the General Data Protection Regulation (GDPR) and the associated (currently draft) UK Data Protection Act 2018.