Pharmacists reminded of importance of GDPR

PDA members are reminded of the importance of complying with data protection regulations, after a pharmacy was fined £275,000 in the first use of fining powers under the General Data Protection Regulations (GDPR).

Fri 20th December 2019 The PDA

The UK data protection regulator, the Information Commissioner’s Office (ICO), has fined Doorstep Dispensaree Ltd £275,000 for failing to ensure the security of special category data. All pharmacists are reminded of the importance of following the General Data Protection Regulations (GDPR)

Pharmacies like any organisation need to make sure they keep individuals’ data secure and pharmacists should be confident that their employers are keeping both patient data and keeping the pharmacist’s own employee data secure and confidential in accordance with GDPR.

Doorstep Dispensaree Ltd, left some 500,000 documents relating to patients in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, medical information, NHS numbers and prescription information.

The documents that were water damaged, were dated between June 2016 and June 2018. Failing to process data in a manner that ensures appropriate security against unauthorised or unlawful processing and accidental loss, destruction or damage is an infringement of the GDPR, which came into force in the UK in May 2018.

The ICO investigated the pharmacy after it was alerted to the insecurely stored documents by the Medicines and Healthcare Products Regulatory Agency, which was carrying out a separate inquiry.  The administrative fine was imposed under S.155 of the Data Protection Act 2018, which implements the GDPR. In setting the fine, the ICO considered the contravention only from 25 May 2018, when the GDPR came into effect.

The full ICO order is available to read and download here.

The Pharmacists' Defence Association is a company limited by guarantee. Registered in England; Company No 4746656.

The Pharmacists' Defence Association is an appointed representative in respect of insurance mediation activities only of
The Pharmacy Insurance Agency Limited which is registered in England and Wales under company number 2591975
and is authorised and regulated by the Financial Conduct Authority (Register No 307063)

The PDA Union is recognised by the Certification Officer as an independent trade union.

Cookie Use

This website uses cookies to help us provide the best user experience. If you continue browsing you are giving your consent to our use of cookies.