What about processing children’s data? #GDPR

For pharmacies dealing with prescriptions for children normal professional rules and legal principles apply, not the GDPR, because prescription data is not processed under explicit consent.

The GDPR sets out additional requirements in relation to children giving consent for the processing of their personal data particularly where this relates to ‘information society services’ which are broadly services provided at a distance, often via the internet and may involve buying and selling.

In Scotland, for the purposes of data protection, “Children” includes anybody below the age of 12. So, if you are using consent or explicit consent as a legal basis for processing, you must obtain parental consent for those under 12 (or those who are over 12 but you feel do not understand what they are agreeing to). 

A child may wish to exercise their rights under the GDPR (see “Data Subject Rights”), so you must take any request from a child seriously, and make reasonable efforts to obtain parental consent if this is required.

Where services are offered direct to a child, you must ensure your fair processing notice is written in a clear, plain way that a child will understand.

View our GDPR page for more information