This website uses cookies to give you the best experience

Close
Sign in to the member only area of NumarkNet

Can't access account?

12 April 2018 by Numark

General Data Protection Regulation (GDPR)

  • Wales
  • England
  • Scotland
  • Northern Ireland

The EU General Data Protection Regulation (GDPR) will come into force on 25 May 2018 and will apply in the UK irrespective of Brexit. Pharmacy owners should be starting to review their current data protection arrangements to ensure they comply, particularly as the GDPR has the potential for far greater enforcement penalties than the current laws. In particular, business owners will need to ensure that they have consent to process employee data, as consent obtained in an employee’s contract is unlikely to be effective under the GDPR. You should also ensure that you have a data breach response plan, as the GDPR requires mandatory breach reporting.

What are the key changes?

Increased fines for breaches: The ICO will have greater powers to impose fines as high as €20 million euros or 4% of the annual global turnover for breaches of GDPR - currently the ICO has powers to fine organisations up to £500,000.

Data Breach Notification:

Under the GDPR you will need to notify the ICO of a personal data breach “without undue delay and, where feasible, not later than 72 hours after having become aware of it”.

Data Protection Officers (DPO):

The GDPR will require some organisations to designate a DPO. The important thing is to ensure that a named individual in pharmacy business takes proper responsibility for compliance and has the knowledge, support and authority to do so effectively.

Greater control for data subjects:

Data subjects whom the pharmacy holds / processes personal data on, have the “right to erasure” also known as the “right to be forgotten”. This gives patients the right to direct the pharmacy to erase any of their personal data in certain situations.

Get GDPR ready now. Visit our advice and guidance page for more information 

Find out more 

NumarkNet GDPR.png

Comments

You must be logged in to add or view comments