A suburban pharmacy in London has become the first UK company to be issued with a fine under the General Data Protection Regulation rules. Doorstep Dispensariee Ltd, a pharmacy based in Edgware, was handed a £275,000 penalty by the Information Commissioners Office for its “cavalier attitude to data protection”.

The ICO has proposed a fine of £183m on British Airways and £99m on hotel chain Marriott over data breaches at their respective organisations, but the only fine the ICO has followed through with so far is the £275,000 fine levied on Doorstep Dispensaree in December regarding the disposal of records about vulnerable care home residents.

According to reports, approximately 500,000 documents which included patient names, dates of birth, NHS numbers, medical information and prescriptions were left at back of premises. Under the GDPR, data must be handled in a way that ensures appropriate security against unauthorised or unlawful processing and accidental loss, destruction or damage. Failure to act in accordance with the latest data protection requirements will result in financial repercussions for offending businesses.

The company was also issued with an enforcement notice to improve its data protection processes within three months or face further penalties.

Steve Eckersley, director of investigations at the ICO said: “The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss. This falls short of what the law expects and it falls short of what people expect.”

GDPR was adopted on 14th April 2016 and became enforceable on the 25th May 2018.

Share Story: