First UK Organisation to receive a GDPR fine
Doorstep Dispensaree has been fined €320,000 for failing to comply with the GDPR (General Data Protection Regulation), making it the first organisation in the UK to be penalised for breaching its requirements.
The London-based pharmacy, which supplies medicines to thousands of care homes, left about 500,000 documents containing personal data in unlocked containers in the back of its premises.
The documents, dating from June 2016 to June 2018, included patients’ names, addresses, dates of birth, NHS numbers, medical information and prescriptions.
What went wrong?
The company had stored some 500,000 documents containing names, addresses, dates of birth, NHS numbers and medical information and prescriptions in unsealed containers at the back of the building and failed to protect these documents from the elements, resulting in water damage to the documents.