Layer 1

Independents most impacted by need to appoint data 'expert' in 10 days

Exclusive
NPA: Having to appoint a data protection officer is time-consuming red tape for no benefit
NPA: Having to appoint a data protection officer is time-consuming red tape for no benefit

The EU requirement for every UK pharmacy to appoint a data ‘expert’ within 10 days “will disproportionately impact” independents, the National Pharmacy Association has warned.

The General Data Protection Regulation (GDPR) – which comes into force on May 25 – requires “public authority organisations” to appoint a data protection officer (DPO) to advise on data protection obligations and be the point of contact for patients and authorities about related issues.

The Pharmaceutical Services Negotiating Committee (PSNC) warned last Friday (May 11) that despite lobbying attempts by itself and the NPA to scrap the requirement for smaller pharmacies to appoint a data expert, “we now find ourselves in the position that we must advise contractors to appoint a DPO”.

NPA: “No appreciable benefit”

NPA head of parliamentary affairs Chris Ford warned that the DPO requirement “will place yet another administrative obligation on the sector”.

As part of its lobbying efforts, the NPA said it wrote to pharmacy minister Steve Brine in February “to outline the case for pharmacies to be exempted”, Mr Ford told C+D.

The NPA is “disappointed” that the government has taken this stance despite the organisation’s proposal securing “the support of the Liberal Democrats, Labour and a number of Conservative backbenchers”, he added.

“We will continue to ask for exemptions to be found through regulation,” Mr Ford said.

“But if it is the government's intention to create costly and time-consuming red tape for our members for no appreciable benefit, then it is a fair expectation that they bear the full cost of this in contract negotiations.”

“Sharing” DPOs

According to guidance from the Information Commissioner’s Office (ICO), “in some cases, several organisations can appoint a single DPO between them”.

However, NPA chief pharmacist Leyla Hannbeck said: “It is important to consider if one DPO can realistically cover a collection of organisations.”

Pharmacies “should ensure the DPO has the necessary resources in place to undertake their role and be supported as appropriate”, she advised.

Noel Wardle, partner at law firm Charles Russell Speechlys, said: “It may be that data protection experts will offer DPO services as a form of consultancy, or this could be organised at local level; for example, through local pharmaceutical committees.”

Pharmacy owners remain accountable for data protection and failure to comply to obligations in relation to DPOs could mean facing a fine of up to €20 million or 4% of the business’s turnover, Mr Wardle said.

Read more about the EU requirement and what is involved in being a DPO here.

1 Comments
Question: 
Has your pharmacy appointed a DPO?

Brian AUSTEN, Administration & Support

I think a lot of pharmacy contractors will "bury their head in the sand" and hope they won't have any problems in the future but they need to think about the rare unscrupulous patient or customer that will inevitably test them and 'try it on' in the hope of compensation. That happened in a number of pharmacies and other businesses when the Equalities Act first came in.

Job of the week

Pre-Registration Training
Kent / South East
Competitive