Supporting community pharmacy contractors in working towards General Data Protection Regulation (GDPR) compliance

In just over one months’ time (25 May 2018) the two year implementation period for GDPR will end, and GDPR will be applicable. 

The RPS has been part of the cross-sector Community Pharmacy GDPR Working Party working to assist community pharmacy contractors in working towards General Data Protection Regulation (GDPR) compliance. The group includes the Pharmaceutical Services Negotiating Committee (PSNC), National Pharmacy Association (NPA), Company Chemists Association (CCA), Association of Independent Multiple Pharmacies (AIMp), Centre for Pharmacy Postgraduate Education (CPPE) and Community Pharmacy Wales (CPW). The group has developed materials which cover each of the different elements of GDPR and how they apply to community pharmacy. The guidance will provide support for community pharmacy organisations in England and Wales to help plan and prepare their strategy on how to comply with the GDPR. 

•    Guidance for Community Pharmacy (Part 1): supports contractors to understand the GDPR requirements, and the steps they will need to take to comply
•    Guidance for Community Pharmacy (short version) (Part 2):  this will assist with staff training. 
•    Workbook for Community Pharmacy (Part 3): includes a set of editable templates that contractors can use to demonstrate that they are meeting all the GDPR requirements.
•    FAQs for Community Pharmacy (Part 4)  

The guidance is underpinned by the mnemonic DATAPROTECTED, which provide the 13 steps to compliance:
1.    Decide who is responsible
2.    Action plan
3.    Think about and record the personal data you process
4.    Assure your lawful basis for processing
5.    Process according to data protection principles
6.    Review and check with your processors
7.    Obtain consent if you need to
8.    Tell people about your fair processing notice
9.    Ensure data security
10.    Consider personal data breaches
11.    Think about data subject rights
12.    Ensure privacy by design
13.    Data protection impact assessment

The guidance is applicable to England and Wales only. Community Pharmacy Scotland have developed their own GDPR resources to support community pharmacies in Scotland to work towards GDPR compliance. 

The PSNC held webinars on complying with the General Data Protection Regulation (GDPR) in April 2018. A recorded version of one of these webinars is available to view on the PSNC webpage 

Further information is available on the PSNC webpage -The General Data Protection Regulation (GDPR)

Information Governance Alliance is publishing comprehensive guidance for the NHS on GDPR

If you have any questions please contact the RPS Professional Support service on 0207 572 2740 or email [email protected] 


RPS members get free 24/7 e-Library access


If you were an RPS member, you’d get 24/7 access to essential pharmacy texts whenever and wherever you wanted.

You could also check thousands of journal abstracts and full-text articles from Medline Complete and the Biomedical Reference Collection.

And if you were an RPS member, e-Library access would come free with your membership.

The RPS is here to support our members facing the challenges of COVID-19.

Visit our e-Library today