Who’s responsible for GDPR and what needs to be done? #GDPR

Generally, the legal owner of the pharmacy – e.g. the contractor – will be the person responsible for the organisation’s compliance with the GDPR. Responsibility for compliance with GDPR cannot be delegated to any one person in the organisation, but one or more persons may be asked to lead one or more projects associated with GDPR and each person will be accountable for their actions. In GDPR terms this person is the data controller. The data controller also has some responsibility for any other person processing personal data on its behalf (a data processor).

The term ‘accountability’ is used in the GDPR to indicate that organisations must be accountable – must demonstrate – that they comply with the principles of data protection when processing personal data. Completing the GDPR Workbook (Part 2 of this pack) will help you to demonstrate GDPR compliance.

View our GDPR page for more information