Pharmacy receives first ever fine for breaking GDPR rules

A pharmacy has been fined £275,000 for “cavalier” disposal of records about vulnerable care home residents, in the first fine issued for breaching GDPR rules.

The London company, which supplies medicines to thousands of elderly care home residents, will be forced to pay £275,000 for dumping 500,000 medical documents containing sensitive information outside in unlocked containers.

The documents included names, addresses, dates of birth, NHS numbers, medical and prescription information.

The Information Commissioners’ Office said the firm – Doorstep Dispensaree Ltd – had taken a “cavalier” attitude towards General Data Protection Regulation rules, which came in last year.

The company, on Burnt Oak Broadway in Edgware, was found to have left “approximately 500,000 documents” in unlocked crates, disposal bags and a cardboard box in a rear courtyard of the premises.

Steve Eckersley, Director of Investigations at the ICO said: “The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss. This falls short of what the law expects and it falls short of what people expect.”

According to an enforcement notice issued by the ICO, the documents contained names, addresses, dates of birth, NHS numbers, medical information and prescriptions.

The ICO said…

Read The Full Article