πŸ”’ Information Governance & Data

Information Governance & Data Security in Community Pharmacy

A practical, regulation-aligned course covering UK GDPR, the NHS Data Security and Protection Toolkit (DSPT), day-to-day cyber and data security, privacy notices and patient rights β€” written specifically for community pharmacy owners, pharmacists, technicians and support staff in England (with UK GDPR content applicable across Great Britain).

Every community pharmacy is a data-intensive organisation. Patient medication records, clinical consultations, NHS system access, staff personal data, supplier relationships β€” all of it is governed by UK GDPR, the NHS Data Security and Protection Toolkit (DSPT) and a growing body of contractual IG obligations. Getting this right is not optional: it is a contractual requirement, a GPhC governance expectation, and β€” most importantly β€” a fundamental duty to the patients who trust the pharmacy with their most sensitive personal information.

This course gives community pharmacy teams a practical, jargon-free understanding of what UK GDPR and NHS data security standards actually require of them β€” and how to meet those requirements without drowning in complexity. From completing the annual DSPT on time to writing a compliant privacy notice, from locking your screen when you leave the dispensary to handling a data breach in the middle of a busy dispensing session β€” this course covers it all in community pharmacy terms.

What you'll learn

  • βœ“Core UK GDPR concepts applied to community pharmacy β€” lawful bases, special category data, controller vs processor
  • βœ“What the NHS Data Security and Protection Toolkit (DSPT) is, why it's a contractual requirement, and how to complete it
  • βœ“DSPT 2025–26 version 8 features β€” mandatory questions, multi-factor authentication, and the June 30 deadline
  • βœ“Day-to-day data security: passwords, NHSmail, smartcards, device security, backups and cyber hygiene
  • βœ“How to write and maintain a pharmacy privacy notice that meets ICO requirements
  • βœ“Handling patient data subject rights requests β€” access, erasure, rectification and objection
  • βœ“Responding to data breaches and cyber incidents β€” immediate steps, investigation and notification

"Community pharmacies have contractual obligations to complete the Data Security and Protection Toolkit annually. Failure to do so puts NHS contract compliance, NHSmail access and patient data security at risk." β€” CPE Data Security Guidance

Aligned with current standards

This course is aligned with CPE GDPR guidance and data security hub, the NHS Data Security and Protection Toolkit (DSPT) 2025–26 version 8, ICO privacy notice and cookies guidance, the Greater Manchester Community Pharmacy GDPR Handbook, Clinical Governance Approved Particulars, and the Community Pharmacy Information Standard. UK data protection law and DSPT requirements are actively updated β€” always check the current CPE, DSPT and ICO guidance before making compliance decisions. The Data (Use and Access) Act 2025 may introduce further changes to UK data protection obligations.

5Modules
12Lessons
150Minutes
3Templates

πŸ‘€ Who this is for

Community pharmacy owners and contractors, superintendent pharmacists, pharmacists, pharmacy technicians and support staff in England who handle patient data, access NHS clinical systems or have responsibility for IG compliance. The DSPT and contractual IG content is specific to England; the UK GDPR content applies across Great Britain.

⚠️ Data protection law and DSPT requirements change β€” always verify before acting. UK GDPR, NHS data security standards and DSPT requirements are regularly updated, including potential changes following the Data (Use and Access) Act 2025. This course reflects guidance current at time of writing. Always check the latest CPE data security hub, NHS DSPT website and ICO guidance before making compliance decisions. This course does not constitute legal advice.

Course Curriculum

πŸ“„ What Is Information Governance and Why Does It Matter in Pharmacy? Preview
πŸ“„ UK GDPR in Community Pharmacy: Key Concepts and Lawful Bases
πŸ“„ Documentation, Accountability and IG Roles in the Pharmacy
πŸ“„ What the DSPT Is and Why It Matters for Community Pharmacy
πŸ“„ Completing the DSPT: Evidence, Workbook and Practical Steps
πŸ“„ Access Control, Passwords, Smartcards and Multi-Factor Authentication
πŸ“„ Secure Email, Device Security, Backups and Cyber Incident Response
πŸ“„ Writing and Maintaining a Compliant Privacy Notice
πŸ“„ Cookies, Patient Rights Requests and Handling Complaints
πŸ“„ Records Management and Safe Information Sharing
πŸ“„ Four Realistic IG Scenarios: Failures, Responses and Exemplary Practice
πŸ“ Module Assessment: Information Governance & Data Security

Β£49.99

+ VAT where applicable

Register to Buy β€” Β£49.99

Already have an account? Sign in

This course includes

  • πŸ“š 5 modules Β· 12 lessons
  • ⏱ 2h 30m self-paced learning
  • πŸ“₯ 3 downloadable templates & checklists
  • πŸ“ Knowledge assessment quiz
  • πŸ” Unlimited quiz re-attempts
  • πŸ† Verified certificate on completion
  • ♾️ Lifetime access to content

Downloadable templates

  • DSPT Preparation Checklist for Community Pharmacy
  • Pharmacy Data Security Checklist
  • Privacy Notice Content Template for Community Pharmacy

Templates unlock after enrolment

Standards & currency

UK GDPR 2025 DSPT 2025–26 v8 NHS IG contractual standards Reviewed June 2026

Written by UK pharmacy experts. Always verify against current official guidance before clinical use.

πŸ†

Certificate of Achievement

Complete this course and earn a personalised, printable certificate β€” with your name, course title and a unique certificate number. Suitable as CPD evidence for GPhC revalidation and GPhC inspection records.