Here are some examples of doctors' surgeries being fined and sued for
data breaches due to non-compliance with the GDPR.
They are examples of fines for GDPR/Data Protection breaches imposed by the ICO, including a £40,000 fine in 2016 for releasing
confidential patient details and another £35,000 fine in 2018 for leaving records behind. Both highlight failures in
procedure and security, though fines are less common now than reprimands or enforcement notices for
general breaches. While individual doctors aren't usually fined directly, the organisations they work for are
held accountable for protecting patient data.
Examples of fines/actions against UK practices:
2016: A GP practice received a £40,000 fine for disclosing a patient's confidential information to her ex-husband.
The cause was inadequate procedures for handling requests and a lack of physical checks, under the then
Data Protection Act 1998 (the precursor to the GDPR).
2018: Bayswater Medical Centre was fined £35,000 for leaving sensitive patient records in an unsecured courtyard
at an empty surgery for 18 months, a failure of secure data disposal.
HCA International (private healthcare, 2017): Fined £200,000 for failing to secure sensitive IVF data,
which was sent unencrypted via email to a subcontractor.
Rockwell Data corp