Regulator fines Doorstop Dispensaree Limited £275,000 for data protection breach

The Data Protection Regulator, (the Information Commissioner’s Office), has now imposed penalty and enforcement notices on a pharmacy business supplying medicines to customers and care homes.  The business was found to have left approximately 500,000 documents in unlocked containers at the back of its premises in Edgeware.  Some were very wet suggesting they had been stored in this way for some time.  The documents included data about customers such as names, addresses, dates of birth, NHS numbers, medical information and prescriptions.  Information concerning a person’s health is ‘special category personal data’, and is given extra protection.  There are more stringent requirements on its processing.

Doorstep now has to take the steps required within 3 months of the date of the notice.  As well as the administrative fine, the steps include updating all of its data handling policies and operating procedures to comply with GDPR, provide data protection training to its staff, update its privacy policy and provide evidence to the regulator that the steps have been taken.

For data protection advice please contact Holly Dobson at

You may also like...

0 Response

Leave a Reply

This thread has been closed from taking new comments.