Doorstep Dispensaree, the company that had the dubious honour of being the first to be slapped with a GDPR fine in the UK, has learned the hard way that sometimes, just sometimes, it is better to let it lie.
The Information Commissioner’s Office issued the business with a £275,000 penalty in December 2019 for failing to store “special category data” securely.
At the time, the ICO ruled the firm – which supplies medicines to customers and care homes – left nearly 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to an unknown number of people.
It originally served the firm with a notice of intent for a £400,000 penalty but this was reduced following “representations” made to the regulator.
However, Doorstep Dispensaree still felt hard done by and launched a partially successful appeal at the Upper Tribunal, with Judge Moira Macmillan taking “a number of issues” into consideration, including the financial hardship suffered by the company. She concluded that the fine be reduced to £92,000.
But the firm was still aggrieved, so it launched a third appeal in an attempt to throw out the fine altogether.
Sadly for Doorstep Dispensaree, however, it was a case of three strikes and you are out, with an Upper Tribunal judge rejecting the firm’s arguments and ruling there was no fault in the ICO’s legal reasoning. The judge also rejected an attempt to have the penalty classified as a criminal charge.
Whether Doorstep Dispensaree will try a fourth time is not known, but one thing is certain: for a company which claimed to be suffering hardship, it does not seem to have any trouble totting up a large legal bill.