Important: Community Pharmacy England New Amended Direction for the 2026 Data Security and Protection Toolkit.

On April 2nd 2026 Community Pharmacy England updated their Five-step checklist for completing the mandatory June 2026 Data Security and Protection Toolkit.

All UK Pharmacies MUST appoint a DPO BEFORE June 30th 2026

Community Pharmacy England now directs all UK pharmacies to appoint a Data Protection Officer BEFORE filling out the June 2026 Data Security and Protection Toolkit.

This CPE direction is a fundamental change from previous years. Appointing a DPO is now mandatory!

If a pharmacy does not appoint an official DPO before June 30th 2026 the pharmacy will not be GDPR compliant and cannot fill in the mandatory Data Security and Protection Toolkit. They will then be in breach of NHS contract.

Here is the new Community Pharmacy England direction:

https://cpe.org.uk/digital-and-technology/data-security/data-security-roles/

https://cpe.org.uk/wp-content/uploads/2026/01/Briefing-DSPTK-A-Five-steps-for-completing-DSPTK-Data-Security-and-Protection-Toolkit-.pdf

Independent appointed DPO versus and Internally appointed DPO

If a pharmacy appoints an internal DPO they MUST meet this strict criteria:

They must have expert knowledge of UK GDPR data protection laws and practices.

There cannot be any conflict of interests. The internal DPO CANNOT be:

  • A director of the pharmacy.
  • The main pharmacy owner.
  • The Superintendent Pharmacist.
  • The Responsible Pharmacist.
  • A Pharmacy technician.
  • Anyone employed in the general workings of the pharmacy

Choosing to appoint an independent DPO meets ALL of the strict NHS and ICO requirements. A pharmacy can then complete the Security and Protection Toolkit successfully!

We offer to you our independent DPO service that will fulfill all of your GDPR compliance requirements and allow you to fill in the June 2026 Security and Protection Toolkit correctly and avoid all of the pitfalls that appointing an unqualified internal DPO can bring.

Our proven independent DPO service is DPOA award winning and is very cost-effective!

Call us now for a no obligation discussion and quote.
We offer consultancy, outsourced DPO services, UK and EU GDPR representation, Caldicott Guardian support, staff training and awareness programs, and an expert DPO-led data protection advice line to support your compliance efforts.
Book a consultancy