THE CONSEQUENCE OF BREACH OF GDPR IS 275.000£ FOR PHARMACY COMPANY

30 December 2019

London based pharmacy company, “Doorstep Dispensaree Ltd.” has been fined 275.000£ by the Information Commissioner’s Office(“ICO”) because of the reason that the company failed to provide the sufficient level of protection to special category data. Around 500.000 documents were stored in unlocked containers under the responsible of the company. Those documents contained names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to unknown number of people.  

In light of the General Data Protection Regulation (“GDPR”), companies must provide adequate protection to personal data for events in the case of unauthorised or unlawful processing and accidental loss, destruction or damage. Documents inappropriately stored by Doorstep Ltd. were water damaged. The investigation was initiated by the ICO upon the alert of the Medicines and Healthcare Products Regulatory Agency which was also carrying out its own enquiry into the pharmacy.

In addition to the fine, enforcement notice has been given to doorstep Dispensaree so that they shall improve its data protection practices within 3 months.

Full details of investigation can be found here.

Should you have any queries and/or remarks, please do not hesitate to contact us.

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr