• The Doorstep Dispensaree Ltd pharmacy has been slapped with a fine under strict data protection laws which came into effect in 2018. Doorstep Dispensaree Ltd left approximately 500,000 documents containing Special Category Data in unlocked containers at the back of its premises which saw the organisation ordered to pay a penalty of £275,000.

    Due to their sensitive nature, stringent security measures needed to be in place to protect the data under laws derived from the General Data Protection Regulation (GDPR).

    The GDPR defines Special Category Data as data revealing or concerning a person’s:

    • racial or ethnic origin
    • political opinions
    • religious or philosophical beliefs
    • trade union membership
    • genetic data
    • biometric data (where used for identification purposes)
    • health
    • sex life
    • sexual orientation

    The documents held by the pharmacy included names, addresses, dates of birth, NHS numbers, medical information and prescriptions. Despite the courtyard where the containers were found being locked, they were vulnerable to unauthorised or unlawful access. The ICO therefore held that the lack of security infringed the GDPR’s security and data retention obligations resulting in the fine.

    The ICO was also not satisfied with the pharmacy’s internal policies and privacy notices and issued an enforcement notice to the pharmacy under the Data Protection Act 2018 which gives the pharmacy three months to update all its policies and procedures, appoint an information governance lead or data protection officer, introduce mandatory and refresher training, update its privacy policy and provide evidence of compliance.

    If your business is a data controller or processor and you are concerned about GDPR compliance, contact Brachers Employment team for further information and advice.

    This content is correct at time of publication

    Can we help?

    Take a look at our Data Protection and GDPR page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you subscribe to any of our newsletters, you can unsubscribe any time using the link in the email. Please view our privacy statement for more information