GDPR issue in Pharmacy

qo2cj1dsne8y4k

Oh and I totally accept that now. When I was googling what this was, because my name is “personal data” and my personal data was carried outside the chemist to be used in gossip, followed by online assaults, or bullying, made me think it was a gdpr issue but I totally understand that it may not be.

hullaballoo

The irony of people tut tutting and saying things like "read up on GDPR before you bandy the term about" etc is delicious.

As ever the cluelessness around GDPR abounds amongst the amateur enthusiasts.

This is squarely and 100% a GDPR issue. It just also happens to be problematic for the pharmacy for numerous other reasons such as straightforward patient confidentiality and customer service.

But it is a GDPR issue too. And a serious one. I'm not surprised the pharmacy owner is taking it seriously because they are potentially in hot water on a number of fronts here.

FutureTeashock

I find it depressing the way people rushed to defend the chemist because it's a wing of the Medical establishment of this country.


People always side with the big boys in Ireland.


File an immediate case with the Data Protection Commission and teach people on here a lesson!

qo2cj1dsne8y4k

The owner was very nice and took this very seriously when I spoke to him and I don’t want to damage his business without giving him the opportunity to remedy the situation. I’m sure they all have a bitch about customers from time to time but he couldn’t control the third party posting it to Facebook.

I will meet with him and if I’m not satisfied with what he has to say, I’ll be filing a case with the psi and the data commissioner

Portsalon

FutureTeashock wrote: »

File an immediate case with the Data Protection Commission and teach people on here a lesson!

Great idea - Bugsy Dixon needs more real work to stop her from her moronic grandstanding about the PSC!

Incidentally, how exactly will the filing of a complaint to the DPC teach us a lesson?

FutureTeashock

Portsalon wrote: »

Great idea - Bugsy Dixon needs more real work to stop her from her moronic grandstanding about the PSC!

Incidentally, how exactly will the filing of a complaint to the DPC teach us a lesson?

Because you lot were falsely claiming it was not a GDPR issue, hoping the complainant would just slink away and drop the case.



It was a serious data breach and needs to be reported.

Portsalon

FutureTeashock wrote: »

Because you lot were falsely claiming it was not a GDPR issue, hoping the complainant would just slink away and drop the case.

I see.

Now, let's try again: how exactly will the filing of a complaint to the DPC teach us a lesson?

cnocbui

I can't see that the Pharmacy manager has any option but to terminate the employment of the gossip, if they confirm the OPs assertions. Not only are they breaching medical confidentiality, their actions are bordering on libelous, if not fully so.

Sleeper12

hullaballoo wrote:

But it is a GDPR issue too. And a serious one. I'm not surprised the pharmacy owner is taking it seriously because they are potentially in hot water on a number of fronts here.

You are mistaken on this. What personal data that was collected by the business do you think was shared or stored incorrectly?

Stating that a named person frequents a shop isn't a GDPR breach. This is a fact that can be observed by anyone in the street. None of OPs personal data was shared by the business.

FutureTeashock

Sleeper12 wrote: »

You are mistaken on this. What personal data that was collected by the business do you think was shared or stored incorrectly?

Stating that a named person frequents a shop isn't a GDPR breach. This is a fact that can be observed by anyone in the street. None of OPs personal data was shared by the business.

This is hilarious.


A member of staff shared with a third party what was supposed to be a fully confidential interaction, who then harassed the customer on Facebook.


MASSIVE GDPR BREACH!

qo2cj1dsne8y4k

Sleeper12 wrote: »

You are mistaken on this. What personal data that was collected by the business do you think was shared or stored incorrectly?

Stating that a named person frequents a shop isn't a GDPR breach. This is a fact that can be observed by anyone in the street. None of OPs personal data was shared by the business.

My name?

banie01

FutureTeashock wrote: »

This is hilarious.


A member of staff shared with a third party what was supposed to be a fully confidential interaction, who then harassed the customer on Facebook.


MASSIVE GDPR BREACH!

What information other than the OP was present in the pharmacy was shared?

Ones attendance in a public space is not protected under GDPR.
The actions of the assistant and the sisters, brothers, girlfriend...
In gossiping are stupid, and even more so in the part of the assistant possibly grounds for dismissal as misconduct.

Without meaning to be dickish about it, there is only 1 side of the story presented and the assistant may have a much different perception of how the interaction unfolded and is entitled to a right of reply to her employer.

There was no confidential information shared in the interaction in store, nor in the disclosure that the OP was in store as no actual transaction took place.

Going by the OPs story, the assistant is a Muppet and disciplinary action is warranted.
A complaint to the ODPC however is unwarranted and in any case would need to follow the pharmacy/shop complaint process 1st and can only be forwarded to the ODPC for their consideration once a final written response on the matter has issued from the Pharmacy.

qo2cj1dsne8y4k

My attendance wasn’t the issue, the issue is my complaint was shared which was made privately with the pharmacist/manager who spoke to the staff member in question, who shared it with her friend who shared it publicly on Facebook.

Sleeper12

FutureTeashock wrote:

A member of staff shared with a third party what was supposed to be a fully confidential interaction, who then harassed the customer on Facebook.

Someone shopping in a particular store is not fully confidential interaction. Did OP wear false beard and wig to hide their identity going into the shop?

So far OP hasn't posted that any personal information /data stored by the store has been shared. Fifty people could have seen OP walk into the store. If someone posted that OP bought condoms or medicine that could be a breach but to suggest stating that someone was seen in a public place is a GDPR breach is totally off the wall.

FutureTeashock

Sleeper12 wrote: »

Someone shopping in a particular store is not fully confidential interaction. Did OP wear false beard and wig to hide their identity going into the shop?

So far OP hasn't posted that any personal information /data stored by the store has been shared. Fifty people could have seen OP walk into the store. If someone posted that OP bought condoms or medicine that could be a breach but to suggest stating that someone was seen in a public place is a GDPR breach is totally off the wall.

A pharmacy isn't a regular shop. Sensitive medical information is involved and so stricter standards apply.

Sleeper12

Kinslee Angry Scrabble wrote:

My attendance wasn’t the issue, the issue is my complaint was shared which was made privately with the pharmacist/manager who spoke to the staff member in question, who shared it with her friend who shared it publicly on Facebook.

This is the first time I have seen this information. Are you now saying that your medical condition was shared? We are pages into this thread and this would be information I'd expect to see in the opening post tbh

ytpe2r5bxkn0c1

Sleeper12 wrote: »

Someone shopping in a particular store is not fully confidential interaction. Did OP wear false beard and wig to hide their identity going into the shop?

So far OP hasn't posted that any personal information /data stored by the store has been shared. Fifty people could have seen OP walk into the store. If someone posted that OP bought condoms or medicine that could be a breach but to suggest stating that someone was seen in a public place is a GDPR breach is totally off the wall.

You don't seem to have grasped that a Private complaint was subsequently discussed with third parties and the OP was clearly identified. It was not something anybody could have just come across.

And, it has been accepted that it is really a customer issue that a strong GDPR one. It needs following up regardless. Or would you advocate just letting that kind of behaviour go unchallenged?

cnocbui

The Pharmaceutical Society of Ireland have a social media guide on their website, in which it states:

Derogatory, unsubstantiated, unsustainable or personal comments about patients, colleagues, other healthcare professionals or your place of work should not be made. Pharmacists should not engage in behaviour that could be perceived as harassment or bullying.

I am certain that any Pharmacist would consider that their employees would be subject to even higher standards of behaviour, to wit, never saying anything about what happens in connection to their employment to anyone outside of it. That would be a given for they themselves to be in compliance with the societies expectations of professional and personal conduct.

Darc19

Some posters are reading "pharmacy" and not reading the OP.

The op was not getting any medical requirements and therefore no data was accessed by the sales assistant. It was purely a retail transaction and the assistant knew the op's name from either talking to her or through people they both knew.

Therefore gdpr simply does not come into the equation.


Now, if the OP went in with a prescription and the assistant took the details from that data source, it would be a gdpr matter. But they didn't, so gdpr is not breached.

Sleeper12

FutureTeashock wrote:

A pharmacy isn't a regular shop. Sensitive medical information is involved and so stricter standards apply.

Hello! It's a public place.

Attending a particular pharmacy is not personal data. At the end of the day everyone goes into a pharmacy. Mentioning a particular pharmacy isn't a breach of GDPR. If OP walks into the store then it's a public place & public information. Now OP seems to have waited till page seven of the thread to add that their medical condition has been shared. At least I think that is what they are saying. This is most definitely a GDPR breach if true but simply walking into the pharmacy isn't

qo2cj1dsne8y4k

Sleeper12 wrote: »

This is the first time I have seen this information. Are you now saying that your medical condition was shared? We are pages into this thread and this would be information I'd expect to see in the opening post tbh

No no, sorry if I’m not clear.
I walked into the chemist. Lady approached me, I greeted her with hello and she responded and was really rude to me. I looked at her for a second and she was staring me down. I said, actually I’ll leave it. She replied “okay so” and I walked out. I rang pharmacy and spoke to manager who apologized and said she’d address it with staff member.

Few days later staff members brothers girlfriend posted it publicly to find another chemist to torment and when I messaged her privately (naming the chemist asking when she became spokeswoman) she screenshot it and shared it on social media. She followed it up with “please leave my in laws alone”

Sleeper12

Jenna Mushy Steel wrote:

You don't seem to have grasped that a Private complaint was subsequently discussed with third parties and the OP was clearly identified. It was not something anybody could have just come across.

This is new information only provided by the OP recently and not in the opening pages where it should be

qo2cj1dsne8y4k

Sleeper12 wrote: »

This is new information only provided by the OP recently and not in the opening pages where it should be

No I definitely posted it, I just don’t know if I was clear.
My prob isn’t that staff went home and said oh shoes was in today.

My prob is she went home and gave the opinion I was being a torment and not leaving the staff member in peace

Darc19

The op has me confused.

If the information was information that was spread was information gathered by the staff member through the files of the pharmacy or other data source such as prescription note. It is a gdpr breach and very serious for that staff member.

If the information was not obtained from the files of the pharmacy or something like a prescription and your name was known by the assistant anyway and no other details divulged, then it is not a gdpr breach as no saved data was accessed.


Now you could really go for the jugular and say that such publication of a Facebook post was defamatory and as the assistant was the person who provided the defamatory information, you wish for a written Apology and a token of compensation from the assistant.

Failing that, you will look at the legal route to obtain that apology.

the_pen_turner

its hard to nail down if this is gdpr issue or not. obviously its a confidentiiality issue and other.
if the OP has no contact to the woman inquestion then any info she has on her has come through her work at the pharmacy
knowing the OP rules out gdpr somewhat in relation to the OPs name etc
but the incident in the pharmacy is completely a work incedent.
so even if the ops name or the fact she uses x pharmacy was widly known ,the incedent is very much covered by gdpr.

qo2cj1dsne8y4k

The only reason she knows my name is through her work. I’ve been a customer of that chemist since before that girl and the brother even knew each other. She does not know me and has never met me outside of her job

Darc19

I still think it's pulling at threads to say it's gdpr as it's only your name and nothing of a sensitive nature.

She could have seen you in a Cafe and someone with her said, oh there's xxx.

Or simply saw your name on a credit card you handed over, or many other scenarios.

So stick with the customer service line and how you feel violated by the assistant giving such information to someone to post defamatory comment on Facebook.

As you said it's the staff member that is the issue, so they should bear the brunt of any penalty

Sleeper12

Kinslee Angry Scrabble wrote:

No no, sorry if I’m not clear. I walked into the chemist. Lady approached me, I greeted her with hello and she responded and was really rude to me. I looked at her for a second and she was staring me down. I said, actually I’ll leave it. She replied “okay so†and I walked out. I rang pharmacy and spoke to manager who apologized and said she’d address it with staff member.

Not a GDPR breach then. You were in a public place & obviously this can't be confidential as anyone can see you enter & leave.

I do totally agree that it is a terrible experience for you and I would expect that the sales as pays a high price. I'm of the opinion that anyone willing to engage in this type of social media bullying might not stop even after being sacked. Long term you might need to involve the police.

Sleeper12

Kinslee Angry Scrabble wrote:

My prob is she went home and gave the opinion I was being a torment and not leaving the staff member in peace

Not a GDPR breach.

the_pen_turner

Sleeper12 wrote: »

Not a GDPR breach.

yes it is.

the woman went outside her job and told a 3rd party that the OP has made a complaint against a staff member at x pharmacy.