InsightsInsight - Data Protection and GDPR - POSTED: February 26 2020
First fine issued for data protection breach
The Information Commissioner’s Office (ICO) has issued a fine to London pharmacy, Doorstep Dispensaree Ltd, for failing to keep sensitive personal data securely.
- Share this article
- Print this article
The Doorstep Dispensaree Ltd pharmacy has been slapped with a fine under strict data protection laws which came into effect in 2018. Doorstep Dispensaree Ltd left approximately 500,000 documents containing Special Category Data in unlocked containers at the back of its premises which saw the organisation ordered to pay a penalty of £275,000.
Due to their sensitive nature, stringent security measures needed to be in place to protect the data under laws derived from the General Data Protection Regulation (GDPR).
The GDPR defines Special Category Data as data revealing or concerning a person’s:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data (where used for identification purposes)
- sex life
- sexual orientation
The documents held by the pharmacy included names, addresses, dates of birth, NHS numbers, medical information and prescriptions. Despite the courtyard where the containers were found being locked, they were vulnerable to unauthorised or unlawful access. The ICO therefore held that the lack of security infringed the GDPR’s security and data retention obligations resulting in the fine.
If your business is a data controller or processor and you are concerned about GDPR compliance, contact Brachers Employment team for further information and advice.
This content is correct at time of publication
Can we help?
Take a look at our Data Protection and GDPR page for useful information, resources, guidance, details of our team and how we may be able to help you
Get in touch
Please fill out the below form or alternatively you can call us on 01622 690691