A selection of recent members’ questions speci cally on the GDPR which came into effect on Friday 25 May that were answered by the NPA’s pharmacy team.
What are the six data protection principles identi ed under the GDPR?
The six data protection principles identi ed under the GDPR state that personal data must be:
What is the purpose of the accountability principle under the GDPR?
The accountability principle is a new addition under the GDPR which requires organisations to demonstrate compliance with the data principles of the GDPR. The accountability principle aims to minimise the risk of data breaches and promote protection of personal data. It is the organisation’s responsibility to ensure they are able to demonstrate compliance with the GDPR requirements. Organisations can demonstrate compliance through:
I need to ask the patient/ representative to con rm the address verbally when handing out a dispensed prescription whilst others may hear; is this still possible under the GDPR?
Yes. Calling out a patient’s name when handing out a dispensed prescription is important to ensure the correct patient/representative receives the dispensed prescription. To ensure a data breach does not occur, the patient/representative should be asked to con rm the address, rather than a member of the pharmacy team stating it – for example, using a phrase similar to “can you please confirm the address?” Seeking confirmation gives the option to the patient/representative to choose whether to con rm the address verbally or choose to show proof of identi cation.
You may also wish to consider displaying a patient notice informing patients of the procedure undertaken when handing out dispensed prescription items – this notice can outline that the patient has the option to provide proof of identi cation instead of verbally confirming their identity. Additionally, the notice can highlight that the process of con rming identity can take place in a consultation room.
If a pharmacy organisation chooses to display a patient notice, this process must be highlighted in the pharmacy’s standard operating procedure (SOP) and the pharmacy must ensure patient con dentiality is maintained at all times – not just to comply with GDPR, but also to abide by the professional standards set by the GPhC/PSNI.
What lawful basis is appropriate if I sell/supply pharmacy (P), general sales list (GSL) medicines and non-GSL items through my website?
Depending on the situation, and item being sold/supplied, the lawful basis may differ; potential lawful bases are: