Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
In late December the UK Data Protection Authority, the Information Commissioner’s Office (ICO), announced its first fine under GDPR. The fine was at the lower end of the scale after Doorstep Dispensaree Ltd., a company running a pharmacy based in Edgware in London, was fined £275,000. The ICO also issued an Enforcement Notice against the company requiring it to undertake a program of work to improve its data protection compliance within 3 months.
Under GDPR, organisations are obliged to put in place adequate technical and organisational measures (TOMs) to prevent unauthorised access to personal data. In this case Doorstep Dispensaree left 500,000 documents exposed showing names, addresses and medical information in unlocked containers in a courtyard at the back of its premises. Whilst there seems to have been no evidence of the data having been taken, the ICO felt that the pharmacy had not put adequate TOMs in place.
In July 2018 the ICO received a referral from the Medicines and Healthcare products Regulatory Agency (MHRA) which was conducting its own enquiry into the pharmacy’s alleged unlicensed and unregulated storage and distribution of medicines. The MHRA found 47 crates, two disposal bags and one cardboard box with documents containing personal data in unlocked containers at the back of the pharmacy’s premises. The MHRA seized the documents and put them in secure storage. The MHRA subsequently discontinued its investigation.
Steve Eckersley, Director of Investigations at the ICO said:
“The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss. This falls short of what the law expects and it falls short of what people expect.”
The company must also provide evidence to the ICO that those step
Access this article and thousands of others like it free by subscribing to our blog.
Read full article
Already a subscriber? Login
Jonathan is an experienced lawyer with a concentration on technology and compliance. His practice includes advising multinational companies on matters involving risk, compliance and technology across Europe. He has handled legal matters in more than 60 countries involving emerging technology, corporate governance, ethics code implementation, reputation, internal investigations, marketing, branding and global privacy policies. Jonathan has counselled a range of clients on breach prevention, mitigation and response. He has also been particularly active in advising multi-national corporations on their response to the UK Bribery Act 2010 and its inter-relationship with the U.S. Foreign Corrupt Practices Act (FCPA).
Jonathan is one of three co-authors of the LexisNexis definitive work on technology law, “Managing Risk: Technology & Communications”. He is a frequent broadcaster for the BBC and other channels and appeared on BBC News 24 as the studio guest on the Walport Review.
In addition to being a lawyer, Jonathan is a Fellow of The Chartered Institute of Marketing. He has spoken at conferences in the U.S., Canada, China, Brazil, Singapore, Vietnam, the Middle East and across Europe. Jonathan qualified as a lawyer in the UK in 1991 and has focused on technology, risk and governance matters for more than 20 years. In April 2017 Thomson Reuters listed Jonathan as the 6th most influential figure in risk, compliance and fintech in the UK. Jonathan was ranked as the 14th most influential figure in data security worldwide by Onalytica in their 2016 Data Security Top 100 Influencers and Brands Survey.
Jonathan is a Solicitor of the Senior Courts of England & Wales. In addition Jonathan is admitted as a Solicitor (non-practising) in Ireland.
0330 161 1234