The pharmacy regulator is taking steps to adopt new European Union (EU) data protection legislation, which is due to come into force in May 2018.
The General Pharmaceutical Council (GPhC) has to have an independent data protection officer in place by then to oversee all its data protection obligations being brought in under the EU’s General Data Protection Regulation.
That new role will be taken on by its head of governance who will report directly to the GPhC’s registrar and chief executive, the GPhC’s council agreed at its meeting last week (13 October).
The new regulation is an attempt to introduce a common approach to data protection across the EU.
A report about the legislation which went to the council meeting last week said that the regulation reflects existing voluntary data protection practice which will in future become mandatory.
From May 2018, the GPhC will have to show that it involves the independent data protection officer in its decisions where appropriate, and that all the decisions it takes regarding data protection are documented.
Transparency is at the heart of the new data regulation, which will introduce “a right to be forgotten” for individuals who will have the power to request data about them be removed if “there is no compelling reason” for the organisation to continue to process it.
However, the GPhC says this is not an “absolute right” and will not apply in cases where “the data is processed ‘to meet a legal obligation or for the performance of a public interest task or exercise of official authority’”.