Would you like to download our mobile app from the App Store?Download
It’s a common misconception that GDPR only applies to electronic data, but in actual fact physical records and data are also caught under the Act.
Late last year, the ICO prosecuted a London pharmacy for its poor paper record storage.
£275,000 fine for poor paper record storage
The pharmacy in question kept patient data at the back of its premises in old, unlocked crates. An estimated 500,000 documents were stored there, some of which were water-damaged because they weren’t protected from weather. The company was fined £275,000 and received national press coverage for being the first company fined for breaching GDPR rules.
The documents were no longer needed but hadn’t been securely destroyed. They contained detailed medical information and the ICO determined that the company had failed to consider the risks of the data processing being carried out.
Top tips for better paper record storage
There are several other lessons from this fine, and the ICO has clearly stated it expects ‘special category’ data to be treated with the utmost care. Make sure you are storing your paper records compliantly under GDPR!
Reproduced with thanks to Astrid GDPR.