While there was a lot of news coverage relating to security breaches by British Airways and Marriott International in July 2019, these were only intentions to fine and not the actual fines themselves (though we may receive confirmation on these shortly) but, just before the Christmas break, 20th December, the ICO issued its first GDPR fine of £275,000 on a London pharmacy, Doorstep Dispensaree Ltd.
The ICO not only issued a monetary penalty but said the pharmacy had to carry out changes to its data protection compliance within 3 months and provide evidence of these changes.
Click here to read the ICO’s announcement.
As part of the ICO investigation the pharmacy was asked to provide information such as a copy of its privacy notice, retention policy, and a policy relating to secure disposal of personal data.
When the pharmacy provided this documentation to the ICO, they were considered to be mostly non-compliant with the GDPR, policy templates which hadn’t been finalised and implemented, and documents that included little practical guidance to staff on their responsibilities.
It’s important to note the ICO’s focus on examining policies, procedures and training. Organisations need to be ready to explain to the ICO their GDPR compliance framework including any ongoing compliance gaps.
At Xynics we offer GDPR audits, training and help with designing and implementing documentation to suit your business needs. We can also be your out-sourced data protection team.
To discuss any of these services please contact us on 01604 807120 or firstname.lastname@example.org