Data Protection Academy » Data Protection News » Privacy fine for pharmacy in London

A person holds five euro notes in his hand. A symbolisation for the data protection fine for pharmacy in London

Privacy fine for pharmacy in London

Date: 20.12.2019

Responsible body: Doorstep Dispensaree Ltd

Nature of the data protection breach: Security of data of special categories not guaranteed

The head of the UK's data protection watchdog has fined a London-based pharmacy a £275,000 data protection fine for failing to ensure the security of special category data.

Doorstep Dispensaree Ltd, which supplies medicines to customers and nursing homes, has left around 500,000 documents in unsealed containers at the back of its premises in Edgware. The documents contained names, addresses, dates of birth, health insurance numbers, medical information and prescriptions belonging to an unknown number of people.

The documents, some of which were not adequately protected against the weather and therefore suffered water damage, were created between June 2016 and June 2018. Failure to process the data in a manner that ensures appropriate security against unauthorised or unlawful processing and accidental loss, destruction or damage is a breach of the General Data Protection Regulations (GDPR) represent

The infringement was discovered after the health authority carried out a separate investigation of the pharmacy.

Categories of data: names, addresses, dates of birth, health insurance numbers, medical information, prescriptions

Country: Great Britain

Fines: 275,000 pounds

SourceEuropean Data Protection Supervisor 

Back to the overview of the data breaches

Caroline Schwabe
Latest posts by Caroline Schwabe (see all)

This might interest you too:

Examples of GDPR fines: what happens in data protection

GDPR infringements are punished with heavy fines. Find out which data protection infringements are suspected and secure yourself.

Italian data protection supervisory authority imposed 27.8 million fine

The telecommunications operator was found to be involved in unlawful processing for marketing purposes. millions of people were affected.

Data protection fine imposed on the Municipality of Oslo Education Authority

120.000 € because the security of the app "Skolemelding" for communication between school staff, parents and pupils was not guaranteed.