Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information please take a look at our terms and conditions. Some parts of the site may not work properly if you choose not to accept cookies.


Subscribe or Register

Existing user? Login


Data protection

Community pharmacies should appoint data protection officers, PSNC advises

Community pharmacy contractors should begin the process of appointing a data protection officer (DPO) to ensure compliance with the UK Data Protection Act 2018, the Pharmaceutical Services Negotiating Committee (PSNC) has said.

The PSNC, together with the National Pharmacy Association and other primary care representatives, had campaigned for an amendment to the draft Act that would exempt smaller NHS providers from the requirement for a DPO. But in a House of Lords consideration of the proposed amendments held on 9 May 2018, Margot James, a minister at the Department for Digital, Culture, Media and Sport, said that while she had “sympathy” for the proposed amendment, primary care providers “process sizeable quantities of sensitive health data, whether that be an individual’s mental health status, the fact that they are pregnant, or details of their prescription for a terminal illness.

“All of these matters are highly personal and in the world of health, data protection is rightly paramount … It does not seem unreasonable that bodies who process those kinds of data should have a single point of contact on data protection matters.”

In response, the PSNC said that while they will continue to lobby for an amendment to the Data Protection Act 2018, they “must advise contractors to appoint a DPO”.

The UK Data Protection Act will complement the EU-wide General Data Protection Regulation (GDPR). Both will come into force in the UK on 25 May 2018. The PSNC has previously published GDPR guidance for community pharmacies, and the Royal Pharmaceutical Society has published an essential guide to the regulation.

Citation: The Pharmaceutical Journal URI: 20204830

Readers' comments (1)

  • Wow, just wow. How wrong can they get it?

    Recital 91 GDPR clearly states that "The processing of personal data should not be considered to be on a large scale if the processing concerns personal data from patients or clients by an individual physician, other health care professional or lawyer."

    While that recital discusses the conduct of a data protection impact assessment the same test is used for the appointment of a DPO and it's shameful and wrong that this is being passed along as an unnecessary regulatory burden on community pharmacy contractors.

    Unsuitable or offensive? Report this comment

Have your say

For commenting, please login or register as a user and agree to our Community Guidelines. You will be re-directed back to this page where you will have the ability to comment.

Recommended from Pharmaceutical Press

  • Print
  • Share
  • Comment
  • Save
  • Print Friendly Version of this pagePrint Get a PDF version of this webpagePDF

Supplementary images

  • Empty pharmacy

Jobs you might like

Newsletter Sign-up

Want to keep up with the latest news, comment and CPD articles in pharmacy and science? Subscribe to our free alerts.