A selection of recent members’ questions speci cally on the GDPR which came into effect on Friday 25 May that were answered by the NPA’s pharmacy team.
What are the six data protection principles identi ed under the GDPR?
The six data protection principles identi ed under the GDPR state that personal data must be:
What is the purpose of the accountability principle under the GDPR?
The accountability principle is a new addition under the GDPR which requires organisations to demonstrate compliance with the data principles of the GDPR. The accountability principle aims to minimise the risk of data breaches and promote protection of personal data. It is the organisation’s responsibility to ensure they are able to demonstrate compliance with the GDPR requirements. Organisations can demonstrate compliance through:
I need to ask the patient/ representative to con rm the address verbally when handing out a dispensed prescription whilst others may hear; is this still possible under the GDPR?
Yes. Calling out a patient’s name when handing out a dispensed prescription is important to ensure the correct patient/representative receives the dispensed prescription. To ensure a data breach does not occur, the patient/representative should be asked to con rm the address, rather than a member of the pharmacy team stating it – for example, using a phrase similar to “can you please confirm the address?” Seeking confirmation gives the option to the patient/representative to choose whether to con rm the address verbally or choose to show proof of identi cation.
You may also wish to consider displaying a patient notice informing patients of the procedure undertaken when handing out dispensed prescription items – this notice can outline that the patient has the option to provide proof of identi cation instead of verbally confirming their identity. Additionally, the notice can highlight that the process of con rming identity can take place in a consultation room.
If a pharmacy organisation chooses to display a patient notice, this process must be highlighted in the pharmacy’s standard operating procedure (SOP) and the pharmacy must ensure patient con dentiality is maintained at all times – not just to comply with GDPR, but also to abide by the professional standards set by the GPhC/PSNI.
What lawful basis is appropriate if I sell/supply pharmacy (P), general sales list (GSL) medicines and non-GSL items through my website?
Generally, a patient is required to open an account and provide personal data through an online questionnaire if they plan to buy a P/GSL/non-GSL item via a pharmacy website. The request may require the pharmacy contact the patient by email/telephone to ensure the supply is appropriate. If personal data is not collected/ processed, then no lawful basis is required. Although the patient has already provided implicit consent when creating an account, the pharmacy website’s privacy policy needs to clearly outline the purpose(s) for which the personal data is collected. When selling/ supplying a GSL medicine or a non-GSL items or CE-marked item such as an eye drops for dry eyes, the pharmacy may need to contact the patient in order to make a safe and appropriate supply.
Depending on the situation, and item being sold/supplied, the lawful basis may differ; potential lawful bases are:
This website is for healthcare professionals, people who work in pharmacy and pharmacy students. By clicking into any content, you confirm this describes you and that you agree to Independent Pharmacist's Terms of Use and Privacy Policy.
We use essential, performance, functional and advertising cookies to give you a better web experience. Find out how to manage these cookies here. We also use Interest Based Advertising Cookies to display relevant advertisements on this and other websites based on your viewing behaviour. By clicking "Accept" you agree to the use of these Cookies and our Cookie Policy.