It has come to light that in making preparations for the introduction of the General Data Protection Regulation (GDPR), some pharmacies have discovered that they have failed to notify (register) under the current Data Protection Act (DPA).
The GPhC states in its document In practice: Guidance on confidentiality: “Pharmacy professionals must make sure that they keep up to date and comply with the law, for example: the Data Protection Act 1998 and the Human Rights Act 1998, as well as the common law duty of confidentiality, and with any NHS or employment policies on confidentiality that apply to their particular area of work.
The Data Protection Act 1998 (DPA) covers personal information, including data about the physical or mental health or condition of a person (called a ‘data subject’ in the DPA). The Information Commissioner’s Office (ICO) enforces the DPA and produces advice and guidance on it”.
The LPC would strongly recommend that pharmacies, particularly independent pharmacies (since multiples’ IG is mostly coordinated via a central office), check online as soon as possible with the Information Commissioner’s Office (ICO) if there is any doubt that their pharmacy or pharmacies are indeed registered under the current Data Protection Act. You can search the ICO register at https://ico.org.uk/esdwebpages/search
If you do find that you have failed to register your pharmacy or pharmacies under the current DPA, the LPC would advise that you do this immediately and certainly before the GDPR comes into force on May 25th 2018. Since payment of fees under the GDPR will be phased in when pharmacies’ existing registration under the DPA needs renewing, there will be no loss in registering immediately under the current DPA. This is in any case mandatory for data controllers such as pharmacies. A booklet explaining the process relating to payment of fees is attached.