GDPR news 27th March 2018

CPE has today published a series of guidance documents to assist community pharmacy contractors in working towards General Data Protection Regulation (GDPR) compliance.

The materials, created by the cross-sector Community Pharmacy GDPR Working Party, discuss each of the different elements of the GDPR and how they apply to community pharmacy.

They consist of:

• Guidance for Community Pharmacy (Part 1): this should help contractors to understand the GDPR requirements, and it sets out the steps they will need to take to comply.
• Guidance for Community Pharmacy (short version) (Part 2): this has been made available to assist with staff training.
• Workbook for Community Pharmacy (Part 3): this contains a set of editable templates that contractors can use to show that they are meeting all the GDPR requirements.
• FAQs for Community Pharmacy (Part 4): this provides simple answers to key questions on the GDPR.
  All the guidance documents can be downloaded here.

Contractors should be reassured that whilst GDPR brings a new approach to data protection, much of what becomes mandatory has been good practice in the past and pharmacy teams are used to managing personal data and are subject to considerable information governance (IG) requirements already.

To keep things as straightforward as possible, the new guidance is underpinned by the mnemonic DATAPROTECTED, giving 13 steps as the route to compliance:

1. Decide who is responsible
2. Action plan
3. Think about and record the personal data you process
4. Assure your lawful basis for processing
5. Process according to data protection principles
6. Review and check with your processors
7. Obtain consent if you need to
8. Tell people about your fair processing notice
9. Ensure data security
10. Consider personal data breaches
11. Think about data subject rights
12. Ensure privacy by design
13. Data protection impact assessment