Doorstep Dispensaree receives the first GDPR fine in UK
domestic abuse data breach

Doorstep Dispensaree receives the first GDPR fine in UK

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

It’s official: the first GDPR fine in the UK has been issued to Doorstep Dispensaree for data protection breaches that spanned across a two-year period.

This one involves medical data, which is some of the most personal and sensitive forms of data that there is. Medical data breach compensation claims account for a large proportion of the legal cases that we take forward because of how common they can be, and because of the impact on victims. The impact is often severe because this is the kind of information that we do not want to be misused or exposed.

The breach period, in this case, is between June 2016 and June 2018, which means that it just falls within the GDPR start period from May 2018. The Information Commissioner’s Office (ICO) was reportedly alerted to the breach by the Medicines and Healthcare Products Regulatory Agency (MHRA) who were conducting unrelated enquiries.

First GDPR fine issued in the UK

London pharmacy company, Doorstep Dispensaree, has officially been issued with the first GDPR fine here in the UK.

It has been fined the sum of £275,000.00 for what the ICO has called “failing to ensure the security of special category data.” The penalty has been issued in light of some 500,000 documents reportedly being left in unlocked containers at the rear of its Edgeware premises. Documents that were being stored insecurely contained personal information for the data subjects, including names, addresses, birth dates, NHS numbers and medical data.

It’s also understood that some of the documents had been damaged from water exposure.

The ICO has considered the contravention from when the GDPR came into effect when it decided the level of the fine to be issued. Director of Investigations at the ICO, Steve Eckersley, said:

“The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss. This falls short of what the law expects and it falls short of what people expect.”

What about the BA and Marriott fines?

You may recall news about the BA and Marriott fines that have hit the headlines, with penalty figures in the sum of £183m and £99m respectively.

Neither of these is officially the first GDPR fine to be issued as they are, at this stage, notices of an intention to fine. The amounts are provisional and are subject to appeals, which we understand are being made.

In the case of Doorstep Dispensaree, their GDPR fine is being classed as the first official one here in the UK, which we assume to be the final fine in this matter.

Claims: separate to fines

The first GDPR fine is likely to be the first of many as the UK’s data watchdog now has greater powers to issue more substantial penalties for offenders.

But it’s important to understand that the rights for victims are dealt with in a different way. Money from penalties isn’t designed to be used as compensation for the victims, which is where we come in. As specialist data breach lawyers, we represent victims who can be entitled to claim compensation for any distress and/or financial losses caused.

In medical data cases, data breach compensation amounts can be significant given how personal and sensitive this kind of information can be. We recognise this when we represent victims on a No Win, No Fee basis for claims, and you can speak to our team today for free, no-obligation advice about your options.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon