General Data Protection Regulation (GDPR)

Question 1

What is the GDPR?

Answer 1

The processing of personal data to ensure that data is processed lawfully, fairly and in a transparent manner in relation to individuals.

Question 2

What new act is all about personal information and the way that is collected, stored and used?

Answer 2

Data Protection Act - May 2018

Question 3

Who overseas the DP Act?

Answer 3

Information comissionar (IC)

Question 4

What does the DP Act require?

Answer 4

Anyone who records and uses personal information to be registered with the IC

Question 5

Define data subject

Answer 5

An identified or identifiable living ‘natural individual’

Question 6

Define data processing

Answer 6

• Collecting. recording, organising, structuring, storing, retrieval, consulting, use and disclosure of data
• Someone who does any of the above is a data

Question 7

Define data controller

Answer 7

A person with overall responsibility for the processing of information - decides what data to process and how

Question 8

Define information commissioner’s office (ICO)

Answer 8

The independent authority for the UK which will uphold information rights in the public interest

Question 9

What is classes as personal information (PI)?

Answer 9

Name and address
Tel number
Email
Details of medicines dispensed
NHS number Age

Question 10

How are organisations expected to handle and use PI?

Answer 10

• Be transparent is explaining the use of PI
• Provide choices about how PI used where appropriate to do so
• Keep it secure
• Only collect and retain the minimum amount of PI necessary to carry out their functions
• Only retain data for as long as it is required
• Report any loss of PI promptly
  Severe penalties for non-compliance

Question 11

What is special category data and what are some examples?

Answer 11

Personal information that is especially sensitive
- Race/ethnic origin
- Religious
- Political opinions
- Trade union memberships
- Biometric data used to identify an individual
- Genetic/Health data
- Data related - sexual preference, sex life, sexual orientation

Question 12

The processing of special category data is prohibited unless what?

Answer 12

• The data subject has been given explicit consent to the processing for one or more specified purpose OR
• Processing is necessary for the purpose of the provision of health care or treatment

Question 13

What are the rights of individuals?

Answer 13

The right to;
1. be informed
2. access
3. rectification
4. erasure
5. restrict processing
6. data portability
7. object to data processing
8. Not to be subject to automated decision-making including profiling

Question 14

Describe ‘right to be informed’

Answer 14

Display privacy notice - explain how it will handle PI - should be in plain english on website or in pharmacy

Question 15

Describe ‘right of access’

Answer 15

People can request information help about them - no charge and be provided within one calendar month

Question 16

Describe ‘right to rectification’

Answer 16

right to request that any information entry amended - some information retained even if incorrect

Question 17

Describe ‘right to object to data processing’

Answer 17

People have the right to object to processing their data

Question 18

What right of individuals are applied to pharmacy?

Answer 18

1. Right to be informed
2. The right of access
3. The right to rectification
4. The right to object to data processing

Question 19

Define consent

Answer 19

express willingness, give permission,agree

Question 20

What are the two types of consent?

Answer 20

Explicit and implied

Question 21

For a person to give consent they must do?

Answer 21

• Have the capacity to do so
• Be acting voluntarily
• Have enough information to allow them to make an informed decision
• Be capable of weighing up the information provided

Question 22

When can disclosure of confidential information happen?

Answer 22

• A patient agrees to their info being disclosed
• The law requires for the info to be disclosed
  -It is the public interest to disclose the information
  Records should be made

Question 23

Who can request info about a data subject without consent of data subject?

Answer 23

• The police or another enforcement
• A healthcare authority
• A healthcare regulator
• NHS counter-fraud officer
• A coroner, judge or court

Question 24

Why is it that some confidential info can be disclosed without consent if it is in the public interest?

Answer 24

To prevent:
- serious crime
- serious harm to a person receiving care or to a third party
- serious risk to public health