LEGISLATION
GDPR: all you need to know
On 25 May 2018, the European Union’s General Data Protection Regulations (GDPR) will come into force. GDPR is the culmination of four years of efforts to update protection for the 21st century. PiF looks at how this will impact on your pharmacy business…
As you will know, the 21st century requires us all to regularly grant permission for our personal information to be used for a variety of reasons in exchange for 'free' services, leaving us wide open to misappropriation and misuse of our personal data.
Until now, data was protected by the Data Protection Act 1998, which was brought into law as a way to implement the 1995 EU Data Protection Directive. GDPR will now replace the Data Protection Act 1998 and seeks to give people more control over how organisations use their data, and will introduce hefty penalties for organisations that fail to comply with the rules, and for those that suffer data breaches. It also ensures data protection law is almost identical across the EU.
Adrienne Clugston, Operations Manager at the Ulster Chemists’ Association, provides PiF with a comprehensive guide to GDPR.
42 - Pharmacy in Focus
What is GDPR?
General Data Protection Regulations come into force in the UK on 25 May 2018 and have been introduced to strengthen existing data protection laws in light of a number of high-profile and serious breaches of people’s personal data in recent years, including Yahoo, eBay, Uber and most recently Facebook.
The new law provides a consistent data protection framework with enhanced rights for individuals and greater accountability and transparency. The GDPR applies to personal data, and data controllers and processors are faced with a number of tasks to ensure their business is compliant with the new regulations.
GDPR applies to all businesses regardless of size and community pharmacies are not exempt. It is also unlikely to be affected by Brexit.
There is no bedding-in period and all businesses are expected to be compliant by the end of May.
Key definitions
What is a data subject?
An individual, living (or natural) person to whom the data relates.
What is personal data?
• Information relating to an identified or identifiable natural person, i.e. information or data that can identify, directly or indirectly, an individual
• Identifiers include name, identification number, location data, online identifier or their physical, physiological, genetic, mental, economic, cultural or social identity
What is sensitive personal data?
Data which can identify an individual’s race or ethnicity, political opinion or affiliation, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life or orientation and genetic or biometric information. In other words, data which can be used to discriminate against an individual.
What is data processing?
Collecting, recording or holding data, as well as the sorting and analysis of that data.
What is a data controller?
• A controller determines the purposes and means of processing personal data.
• Where a business uses a data processor, the GDPR places further obligations on the data controller to ensure their contracts with processors comply with the GDPR.
What is a data processor?
• A processor is responsible for processing personal data on behalf of a controller.