Newsroom
The Office of the Commissioner for Personal Data Protection has clarified how personal information should be handled in pharmacies under Cyprus’s General Healthcare System (GeSY), stressing that while collecting identification details is necessary, it must be done with care and discretion.
According to the announcement, pharmacies are required to verify beneficiary identity in order to correctly dispense prescriptions, provide eligible medical products, and prevent misuse of the system. This process is considered lawful and essential for the system to function properly.
At the same time, the Commissioner stresses that data collection must follow the principles set out in the EU’s General Data Protection Regulation. These include limiting data to what is strictly necessary and ensuring that information remains secure and confidential.
A key point in the guidance is that personal details should never be spoken aloud in a way that others nearby can hear. This applies to both pharmacists and patients. Saying names, ID numbers, or birth dates within earshot of third parties is considered inappropriate and should be avoided.
Pharmacists are expected to adopt practices that protect privacy during these interactions. Suggested methods include showing only the required parts of an ID, writing down necessary details and disposing of the paper immediately afterward, or using a barcode available through the GeSY beneficiary portal.
Responsibility also extends to patients themselves. Even if asked to provide information verbally, individuals are encouraged to refuse and instead use more discreet alternatives. If anyone encounters practices that appear inconsistent with data protection rules, they have the option to file a complaint with the Data Protection Authority for review.
