You may or may not have heard of the General Data Protection Regulation (GDPR), which is coming into force on 25 May 2018. It follows on from the existing Data Protection Act but offers individuals greater control over their privacy and the way their personal data is saved and used.
The Information Commissioner’s Office (ICO) has provided a lot of information about the GDPR and its implications for organisations. In order to be compliant with the GDPR, organisations must have one of the following six reasons for processing personal data:
- The explicit consent of the individual to use their data.
- It is necessary for a contract with the individual.
- It is necessary for complying with a legal obligation.
- It is necessary to protect the interests of another person.
- It is necessary for a task being carried out in the public interest or by a person exercising their official authority.
- It is necessary for the legitimate interests of a third party, unless the interests, rights or freedoms of the individual override this.
Since Instant eCare is an online pharmacy, we need to process personal data to provide a prescription for the medication you need. We are then required by law to hold prescriptions for two years and patient records for ten years after the patient’s death. This means we can’t delete your account as it holds the records of your past orders.
Whilst we are able to send you emails regarding the progress of your order, we are required to gain a patient’s consent before sending them marketing emails. It is not permissible to assume consent from silence or a pre-ticked box.
If you have any questions or want more information on the GDPR, take a look at the ICO website.