technology · Healthcare · 2020
Doorstep Dispensaree Ltd
Doorstep Dispensaree, a pharmacy delivering medication to care homes, was fined after ICO inspectors discovered approximately 500,000 documents — including patient names, addresses, dates of birth, NHS numbers, medical conditions, and prescription details — stored in unlocked caged trolleys in an external car park, exposed to the elements and accessible to anyone. The documents, some dating to 2016, were not covered by any document retention schedule or secure destruction procedures. The ICO found the pharmacy had failed to implement any of the basic physical security measures required for health records.
Fine Imposed
€321,750.0
Authority
ICO-UK
Regulation
UK General Data Protection Regulation + Data Protection Act 2018
Max fine
Higher tier: £17.5M or 4% of global annual turnover; standard tier: £8.75M or 2%
Status
active
Key Takeaways
- Physical security of paper health records is fully subject to UK GDPR requirements — pharmacies and care providers must apply the same rigour to physical document storage and destruction as they do to digital data security.