Case Study: Doorstep Dispensaree Ltd

Doorstep Dispensaree Ltd, a London-based pharmacy, was fined by the Information Commissioner’s Office (ICO) in December 2019 for serious GDPR non-compliance. The breach involved the careless storage of hundreds of thousands of patient records containing highly sensitive personal and medical data.

Nature of the Data Security Failures

The company failed to implement appropriate technical and organisational measures to safeguard patient information. Confidential documents were stored in unlocked containers and bags in an unsecured location, exposing them to loss, damage, and unauthorised access.

Details of the ICO Fine

  • Organisation: Doorstep Dispensaree Ltd

  • Sector: Healthcare / Pharmacy

  • Original Fine: £275,000

  • Final Fine (after appeal): £92,000

  • Regulator: Information Commissioner’s Office (ICO)

Types of Data Compromised

The unsecured records included:

  • Patient names and home addresses

  • NHS numbers

  • Medical and health-related information

  • Prescription details