Kinslee Angry Scrabble wrote: » I wouldn’t be as mad if she contacted me privately but she posted it as a Facebook status the mad bitch
Kinslee Angry Scrabble wrote: No, the staff member gossiping about me outside of work
Dav010 wrote: » Op, Can we take it for granted that the info did not come from another customer in the shop? To those who say this is not a GDPR issue, you are incorrect. Also, it could be more serious than that for the pharmacy, a customer has a right to expect confidentiality when getting medications, this includes the conversation. In this case, the op was identified, and private details about the conversation were given to another member of the public by a staff member. If you google, you will find a well publicised case of where a member of staff at a health clinic discussed details about treatments and personality of patients at a party, a few mins later those details were on Facebook, the clinic is now closed. The potential downside for you op, is that if you have a history of being difficult to deal with, other health care/medication providers may be wary of accepting you as a patient/customer. As a Clinic owner, I would look at this as a serious breach of confidence, the staff member acted wholly unprofessionally in every way. After hearing all the facts, disciplinary action would certainly be considered.
Kinslee Angry Scrabble wrote: » Info 100% didn’t come from another customer.
Sleeper12 wrote: » It has nothing to do with GDPR though
joeguevara wrote: » It could simply be a case of said person seeing an altercation in the pharmacy and calling you out on Facebook. (no gdpr issue) It could be a case of pharmacist venting about you to said person and they take it on themselves to call you out on Facebook. (possible gdpr issue but impossible to prove) Or it could be a case of pharmacist disclosing and your information and then you being called out (gdpr issue but only way of proving it is if they disclosed it through pharmacy email/social media). Firstly change pharmacy. No one Ned's to feel bad in the way they are treated. As for the rest, because of difficulty in proving best to move on. However if you feel sensitive medical information was disclosed follow up with data protection commissioner. Report post to Facebook and follow up with said person if they overstepped.
Dav010 wrote: » The op does not need to prove the breach unless he/she is looking for a pay out, if the op wants to make a point, the complaint alone will have the desired effect when it reaches the owner.
joeguevara wrote: » I hate data breaches. But in this situation it is more than likely a busy body overhearing as they were queuing up. If there is a complaint the DPC will ask what happened. There is probably no paper trail even if it was done by pharmacist. In my experience nothing would come out of it... Id be more inclined to bring it up with the person who siad it publicly on facebook
Kinslee Angry Scrabble wrote: » There was no other customers in the chemist
Dav010 wrote: It has to do with both patient confidentiality and GDPR. The op was identified, and personal data in the form of his/her interaction with the chemist was not only breached, but also published online. You may not have an expectation of confidentiality with conversations with your local shopkeeper, they may not collect data on you, Chemists most certainly do, they have your name address, Med card number, Med conditions, medications, GP etc, breaches of any type, including confidential conversations are both the above.
Sleeper12 wrote: » Definitely not GDPR. OP didn't get any further than a greeting from the sales assistant. No personal data was taken, processed or stored by the business. Sales assistant needs to be sacked for being a right tit but nothing OP has said so far falls under GDPR
joeguevara wrote: » Fair enough... So the person who served you was abrupt....and her brother posted a message to you publicly on Facebook.. The fact you know its her brother and the fact that they found you on Facebook doesn't necessarily make it a GDPR issue... Makes it an everyone knows everyone issue. Take it up with the guy who messaged you... Don't waste your time with going down a data protection route because based on the information posted is impossible to prove. If specific medical information was mentioned then yes.. But it's akin to a sister telling a brother that she had a bad experience in a pub and then it being posted on Facebook... People should sort the issue with the person rather than going straight to GDPR.
Kinslee Angry Scrabble wrote: Fast forward tonight, this ladies brothers girlfriend posted up a Facebook message advising me to find another chemist to torment. This lady is a 3rd party not associated with the chemist either now or in the past.
Princess Calla wrote: Yeah but she's a regular client since childhood so everything is in the system so easily accessed.
Sleeper12 wrote: » You need to read the OP. Sales assistant didn't post anything. A 3rd party did. The only thing posted was not to use this particular pharmacy. Message didn't come from the shop or sales assistant. First there is no proof that sales assistant has anything to do with it and second there is no proof that the information was gathered in another way. The information posted identified OP as a client of the pharmacy but anyone seeking OP enter the shop will have this information. The information gathered by the shop, medical records & address haven't been shared.
Jenna Mushy Steel wrote: » Ok so GDPR may, or may not, be the wrong term to use. But this is more than 'everyone knows everyone'. It's about somebody working in a business talking to others about people or events pertaining to the business and that should not be broadcast on social media. As for sorting it with the person, why should the OP do that? The employer can sort it with them. I don't think the OP is necessarily going the data protection route but is simply looking for action as a result of highly unprofessional behaviour by a staff member.
Jenna Mushy Steel wrote: Yes, the 3rd party used telepathy to know what had happened in the chemists. It's clear the staff member went the cheap gossiping route.
Princess Calla wrote: The third party wasn't in the pharmacy, therefore there is no way they could know about the incident unless the sales assistant told them.
Kinslee Angry Scrabble wrote: Like I said too, If she doesn’t like me that’s fine, she shouldn’t have approached me with the sole intention of being rude. I tried address it with the person who posted it up online, she screenshot my message and posted it up online too. She sent me a message then telling me to “leave my in laws in peaceâ€.
Sleeper12 wrote: » Unless I missed something here all op has said is that people on Facebook stated on Facebook that op needs to find another pharmacy. I didn't read how they gave an account of what happened in the shop on Facebook? Let's be very clear here, the fact that someone uses a particular pharmacy can be public knowledge. You don't need to be a staff member to have this information. None of OPs information stored by the pharmacy was leaked or misused. There is not a hope in hell of getting a ruling in the favour of the op on gdpr legislation. Op should go to shop owner and tell what happened with screen shots. No shop owner wants a client told not to come back to the store. I have not doubt shop owner will take action in this case but shouting GDPR will not get OP anywhere.
Sleeper12 wrote: » They sound like scumbags who use social media for bullying
Kinslee Angry Scrabble wrote: Considering I no longer live locally to the chemist, (think 30 miles away) and work elsewhere too, and happened to be back in that pharmacy specifically 4 days before she made the comment, I think it’s safe to say it was divulged I was there, and following it up with “leave my in laws in peace†cements the fact she knows what went on and she has no right to, much less broadcast it on social media.