The Northern Ireland Centre for Pharmacy Learning and Development (NICPLD) is required by law to comply with the General Data Protection Relations, 2018 (GDPR).
NICPLD is committed to ensuring that all employees, pharmacists, healthcare professionals, agents, contractors and data processors comply with the GDPR, regarding the processing and confidentiality of any personal data held by the Centre. To do this NICPLD must comply with the Data Protection Principles contained within the GDPR. In summary these state that personal data shall:
- be processed fairly and lawfully and only when certain conditions are met
- only be obtained and processed for specified and lawful purposes
- be adequate, relevant and not excessive
- be accurate and where necessary up to date
- be kept for no longer than necessary
- be processed in accordance with data subjects' rights
- be protected by appropriate security measures
- not be transferred outside the European Economic Area, to countries without adequate protection unless the consent of the data subject has been obtained.
NICPLD staff or others, who process or use any personal information on behalf of the Centre, must ensure that they follow these principles at all times.
All staff, pharmacists and other healthcare professionals have an individual responsibility to ensure that they adhere to the University's Data Protection Policy and the 1998 Act.
Any breach of the NICPLD's data protection policy or the 1998 Act by a member of staff or a pharmacist can be considered as a disciplinary matter. It may also be a criminal matter for which NICPLD and the individual concerned could be held criminally liable.