You are here
The GPhC is registered as a data controller under the Data Protection Act 1998 (DPA). This means we are an organisation that controls how we collect, store, and use personal data. The register of data controllers is held by the Information Commissioner’s Office
Personal data is information about an identifiable living person. The person to whom the personal data refers is called a ‘data subject’.
The DPA sets out eight principles which state that any organisation collecting personal data must ensure that it is:
- processed fairly and lawfully
- processed for specific and lawful purposes
- used in a way that is adequate, relevant and not excessive
- accurate and, where necessary, kept up to date
- not kept for longer than is necessary
- processed in accordance with data subjects’ legal rights
- kept secure
- not transferred outside the UK without adequate protection.
Pharmacists, pharmacy technicians and pre-registration trainees
How we will use your personal data
The GPhC is a data controller registered with the Information Commissioner’s Office. The GPhC makes use of personal data to support its work as the regulatory body for pharmacists, pharmacy technicians and retail pharmacy premises in Great Britain. Data may be shared with third parties in pursuance of the GPhC's statutory aims, objectives, powers and responsibilities under the Pharmacy Order 2010, the rules made under the Order and other legislation. Personal data may be processed for purposes including (but not limited to):
- updating the register
- administering and maintaining registration
- processing complaints
- compiling statistics
Information may be passed to organisations with a legitimate interest including (but not limited to) other regulatory and enforcement authorities, NHS trusts, employers, Department of Health, universities and research institutions. Please note that the GPhC will not share your personal data on a commercial basis with any third party.
Sharing personal data with other organisations
The GPhC shares information with other organisations in pursuance of its statutory aims, objectives, powers and responsibilities under the Pharmacy Order 2010, the rules made under the Order and other legislation.
Information sharing enables organisations to improve client services, protect the public and respond to statutory requirements. The GPhC will only share information with other organisations to further our statutory role and responsibilities, whilst respecting the confidentiality of our registrants.
We recognise the importance of having clear guidelines to follow and ensuring that this information is shared in a secure and confidential manner and in accordance with the law, including the common law duty of confidence, the Data Protection Act 1998, the Human Rights Act 1998 and other related legislation and guidance.
Copies of the data sharing agreements we have with other organisations for the regular sharing of personal information of registrants are displayed on this page. In these agreements we make sure that:
- they are only provided with the minimum amount of information they need to carry out the activity or service.
- they agree not to use the information received from us for any other purposes other than those agreed by us.
- they have proper systems in place to protect personal data.
- both parties to the agreement publish a copy of the agreement on their websites. This is to promote openness and transparency and ensure that the profession and the public are aware of what information is shared and the reasons for this.
Requesting personal data about you
If you want to make a request to see personal data that we may hold about you, this is called a subject access request. Please send your request in writing to the information access team, describing the information you want. It would be helpful if you could mark your mail ‘Subject Access Request’.
Please note that we are allowed to charge a fee of up to £10 before providing the information to you. There are also a number of exemptions under the DPA which may mean we are unable to provide some of the information you want. You may also be asked to supply proof of your identity.
General Pharmaceutical Council
129 Lambeth Road
Tel: 020 3365 3507
You can find out more about the Data Protection Act and its principles from the Information Commissioner's Office.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device (such as your computer or mobile phone). These include small files known as cookies. They cannot be used to identify you personally.
- enabling a service to recognise your device so you don't have to give the same information several times during one task
- recognising that you may already have given a username and password so you don't need to do it for every web page requested
- measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast