
01 Jun, 2018

Data Protection Officer Services: Pharmacy & Health Care

Pharmacy and health care industry bodies lost their fight earlier this month to gain an exemption from requiring a Data Protection Officer (DPO) under GDPR and the UK Data Protection Act 2018.

The UK Data Protection Act 2018 and the GDPR state that businesses whose core function includes processing special category data (including health data) require a DPO, regardless of the size of the organisation.

This is good news for customers, who will have an extra layer of confidence knowing their personal data is being managed in line with the law, but small pharmacies in particular will be hit hard by this news.

What is a DPO anyway?

The DPO is an independent data privacy expert who reports to the Board (or highest level of the business), possesses legal knowledge, and is ultimately responsible and accountable for the data privacy policies, processes and procedures.

They act as advisors to your business and ensure your business or practice is compliant with EU / UK data protection legislation. Because of the conflict of interest, the DPO cannot be an owner of the business.

The concept of the DPO has been around for some time, but there are not a large number of people within the EU with the right level of experience to hold the post.

For smaller and independent pharmacies, GP surgeries and dental clinics in particular, this poses a high risk to the business, either through non-compliance (choosing to ignore the regulation or appointing an unsuitable Data Protection Officer), or financially (hiring a DPO directly, or engaging an outsourced DPO service).

Fortunately, both EU and UK data protection legislation allows for groups of similar businesses to be represented by a single DPO in certain circumstances. Pharmacy and medical industry groups should encourage their members to pool resources together, and save on fees.

How do I get in touch to discuss this?

For more information, please contact us on +44 203 934 1099, or email digitaladvisory@chaucer.com to hear more about our service and see if we can help.

Paul Gillingwater MBA, CISSP, CISM, RHCE

Associate Partner

GDPR, ISO27001, PCI/DSS, GRC, DPA18

Paul is Head of the IT Security and Data Privacy Team and Registered DPO at Chaucer, and has worked for more than 30 years as a cyber security specialist, advising businesses on their governance, regulatory and compliance requirements. More recently he has advised on data protection and is a passionate advocate of online privacy rights education.
