Search
Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Turn data subjects request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

ICO Issues First GDPR Fine to a Pharmaceutical Company

ICO Issues First GDPR Fine To A Pharmaceutical Company

On 20 December 2019, the UK’s independent regulator for data protection and information rights law Information Commissioner’s Office (ICO), issued a €320,000 (£275,000) GDPR fine to a Doorstep Dispensaree pharmacy based in London.

The ICO’s fine was based on the fact that the pharmacy had insufficient technical and organizational measures to ensure the security of a special category of data.

To be more exact, the Doorstep Dispensaree, stored approximately 500,000 documents dated between June 2016 and June 2018, with patients’ names, addresses, dates of birth, and other medical records in unsecured and unprotected storage.

The ICO stated:

Doorstep Dispensaree Ltd, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to an unknown number of people.”

The Doorstep Dispensaree was also issued an enforcement notice and was ordered to improve its data protection practices within three months. Failure to do so could result in further enforcement action.

The enforcement notice addresses violations of the fundamental data protection principles outlined in Article 5 of the GDPR, encompassing key aspects such as lawful processing, fairness, transparency, and the responsible handling of personal data.

Additionally, it pertains to infringements concerning data subject’s rights, focusing on the information provided to individuals when their personal data is collected.

Furthermore, the notice highlights breaches in the obligations of the data controller, emphasizing compliance measures outlined in Articles 24(1) and 32, which involve ensuring data security and demonstrating adherence to GDPR regulations.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top