Doorstep Dispensaree Ltd,
Doorstep Dispensaree Ltd, was fined £275,000 by the Information Commissioner's Office (ICO) in December 2019
for GDPR non-compliance, specifically for carelessly storing hundreds of thousands of patient documents
containing sensitive personal and health data in unlocked containers in an unsecured area, breaching data
security rules. This marked the ICO's first GDPR fine, highlighting failures in protecting patient information under
GDPR regulations.
Details of the Fine:
Company: Doorstep Dispensaree Ltd (a London-based pharmacy).
Fine Amount: Initially £275,000, later reduced to £92,000 after an appeal.
Reason: Failure to ensure appropriate security for personal data, including names, addresses, NHS numbers,
medical details, and prescriptions, stored in unlocked boxes and bags.
ICO Statement: The data was left unsecured, failing to protect it from accidental loss, damage, or unauthorized
access, violating GDPR's data security principles.
This case serves as a significant reminder for healthcare providers about the strict requirements for handling
sensitive patient data under GDP
There has been hundreds of other GDPR related claims to UK pharmacists but most of these have been settled
out of court and have not gone onto the public records.
Rockwell Data corp