Doorstep Dispensaree Gets UK Fine for GDPR Violations

Written by: Richard Sheinis, Esq.

Doorstep Dispensaree, a London-based pharmacy which supplies medicine to individuals and care homes, left approximately 500,000 documents in unlocked containers stored in a courtyard at one of its premises.  Documents contained personal data including names, addresses, dates of birth, medical and prescription information.  The documents were not secure, and the condition of the documents indicated they had been stored outdoors for some time.  This violated GDPR’s principle of integrity and confidentiality of personal data.

In addition to a fine of £275,000 for failure to properly secure these documents against unauthorized access or accidental destruction, Doorstep Dispensaree has also been ordered to update all policies and procedures to ensure they meet GDPR standards.  They also must train all staff on following appropriate policies.