Data security roles

Data security roles

Published on: 19th January 2021 | Updated on: 2nd April 2026

Every pharmacy must have clear responsibilities for data security and information governance (IG). In smaller pharmacies, one person may cover several of these roles.

The Data Security and Protection Toolkit (Toolkit) includes questions about these roles and responsibilities. Assigning roles in the Toolkit also updates your organisation profile.

IG lead and/or Senior Information Risk Owner (SIRO)

The person responsible for leading on data security and managing information risk within the organisation.

Superintendent pharmacist

The superintendent pharmacist oversees the professional and clinical management of the pharmacy, including the safe sale and supply of medicines.

Caldicott Guardian

The National Data Guardian recommends that health and social care organisations appoint a Caldicott Guardian to protect patient confidentiality and ensure appropriate use of health data.

Pharmacy owners are not required to appoint a registered Caldicott Guardian, but may choose to do so. Someone senior—such as the IG lead—should already take responsibility for confidentiality and appropriate data use.

Helpful resources:

A Caldicott Guardian can also be appointed across multiple pharmacies.

Data Protection Officer

The DPO role is defined under GDPR. The DPO advises on compliance and should have expert knowledge of data protection law.

Pharmacies must have a DPO. Guidance at the ICO website.

Templates

Pharmacy owners can download and adapt: Data security (DS) and IG template 21: Data security roles (see DS templates webpage).

Return to the Pharmacy IT hub

For more information on this topic please email comms.team@cpe.org.uk

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
is-pharmacy	30 days	Hides the 'Do you work in community pharmacy?' hero prompt if the user has already selected 'yes'

CPE Comms: Are you getting what you need from us?

Latest Digital & Technology news

New NHS.net Connect Launchpad homepage – rolling out

Data Security and Protection Toolkit 2026: Are you working through it?

Detained estate EPS prescribing: medicines supply process update

Pharmacy owners with more than one premises: Do you know your NHS POC code?

Clamping down on inappropriate EPS nomination and service direction

Pharmacy IT workstreams update published as IT group meets

Data Security and Protection Toolkit 2026 workshop now on-demand

New NHS Standard for the Reasonable Adjustment Digital Flag (RADF)

Respecting Patient Choice for EPS nominations – an update

Pharmacies urged to be alert to GDPR themed scam emails

Data Security & Protection Toolkit 2026: Community Pharmacy England guidance available

Register for our Data Security and Protection Toolkit 2026 Workshop