Community pharmacy contractors should begin the process of appointing a data protection officer (DPO) to ensure compliance with the UK Data Protection Act 2018, the Pharmaceutical Services Negotiating Committee (PSNC) has said.
The PSNC, together with the National Pharmacy Association and other primary care representatives, had campaigned for an amendment to the draft Act that would exempt smaller NHS providers from the requirement for a DPO. But in a House of Lords consideration of the proposed amendments held on 9 May 2018, Margot James, a minister at the Department for Digital, Culture, Media and Sport, said that while she had “sympathy” for the proposed amendment, primary care providers “process sizeable quantities of sensitive health data, whether that be an individual’s mental health status, the fact that they are pregnant, or details of their prescription for a terminal illness.
“All of these matters are highly personal and in the world of health, data protection is rightly paramount … It does not seem unreasonable that bodies who process those kinds of data should have a single point of contact on data protection matters.”
In response, the PSNC said that while they will continue to lobby for an amendment to the Data Protection Act 2018, they “must advise contractors to appoint a DPO”.
The UK Data Protection Act will complement the EU-wide General Data Protection Regulation (GDPR). Both will come into force in the UK on 25 May 2018. The PSNC has previously published GDPR guidance for community pharmacies, and the Royal Pharmaceutical Society has published an essential guide to the regulation.