Online pharmacy, Doorstep Dispensaree Ltd, has received the first fine under the new data protection rules in what also represents an example of inter-agency co-operation that members of the regulated professions should be aware of.
In July 2018 the Information Commissioner was informed by the Medicines and Healthcare products Regulatory Agency (MHRA) of its own investigation for the alleged unlicensed and unregulated storage and distribution of medicines. The MHRA’s investigation found that sensitive personal data had been left in 47 crates, two disposal bags and one box containing approximately 500,000 documents stored in a courtyard.
Doorstep Dispensaree was found to have contravened numerous articles of GDPR and the Information Commissioner considered them to have a ‘cavalier attitude to data protection’ imposing a fine of £275,000.
The penalty notice can be read in full here.
Those involved in the medical and dental professions handle sensitive information on a daily basis. How that information is handled is under ever greater scrutiny since the introduction of GDPR. With the co-operation demonstrated between the MHRA and the ICO no one can afford to ignore the issues arising in this case.
Connor Michaels, BLM
connor.michaels@blmlaw.com