Late last year the UK Information Commissioner’s Office issued its first formal monetary penalty notice under the GDPR. The ICO fined Doorstep Dispensaree £275,000 for, among other things, failing to keep sensitive data securely and providing an inadequate privacy notice to data subjects.

This fine was based on a number of fundamental breaches by Doorstep Dispensaree: for example, most of its internal policies had not been updated since before the entry into force of the GDPR. However, it still provides some useful practical lessons for those with a more sophisticated compliance program, and an insight into the enforcement priorities of the UK regulator.

Click here to read on about the key takeaways from this issuance.


Ben advises clients in a wide range of industry sectors, focusing in particular on data protection compliance, including healthcare, financial services, adtech, video games, consumer and business-to-business organisations. Ben regularly assists clients with global data protection compliance projects and assessments as well as specific data protection challenges such as international transfers and data security breaches. Ben is also regularly involved in drafting and negotiating data protection clauses in agreements for various clients in a wide range of industry sectors. Ben also regularly advises clients on electronic direct marketing and cookies.