Doorstep Dispensaree Ltd GDPR Data Breach Compensation Claims Guide – How To Claim?

My Data Privacy Was Breached By Doorstep Dispensaree, Could I Claim Compensation?

In this article, we are going to review a case where a London-based pharmacy, Doorstep Dispensaree, was fined £275,000 following a breach of data protection rules. Since the implementation of the General Data Protection Regulation (GDPR), data safety laws have been tightened. That means that sensitive and personal information about patients must be kept secure by pharmacies. As we progress through this guide, we are going to look at what potential harm could result from the GDPR data breach by Doorstep Dispensaree Ltd. Furthermore, we will look at the evidence needed to recover compensation for the damage caused by a breach and what you could include within your claim.

Doorstep Dispensaree Ltd data breach compensation claims guideIf you have evidence that you’ve been impacted by a data breach and would like to know if you are entitled to start a compensation claim, Legal Helpline can guide you through the process.

Our team offers a telephone consultation as well as free legal advice on how to proceed. You don’t have to claim after your free advice but one of the data breach lawyers on our panel could represent you if your claim is accepted. Importantly, our panel of lawyers offer a No Win No Fee service for all claims they work on. This makes the whole process a lot less stressful.

If you would like to know more about how we could help with your claim, why not get in touch today? Our team can be contacted on 0161 696 9685. If you want to know more about what can be included in data breach claims, please continue reading this guide.

Select A Section

A Guide On Claims For A Data Breach By Doorstep Dispensaree Ltd

The GDPR came into force in 2018 and was enacted into UK law in the form of the Data Protection Act 2018. Together, these laws give you, the data subject, more control over who uses your personal information and how they use it. Any organisation (the data controller) who wishes to use data about you now needs a lawful reason to do so. That may mean they have to tell you when your data is going to be used and gain your consent before doing so.

Additionally, the new laws mean data processors and controllers must implement procedures and systems to keep personal data safe. Should they fail to do so, the Information Commissioner’s Office (ICO) could step in and investigate personal data breaches. We should let you know, though, that the ICO is unable to help you with compensation claims. If you wish to be paid for the suffering that results from a GDPR breach, you will need to take your own action.

If you are going to claim, you will need to do so inside the relevant time limit. For most claims, you will get 6-years to begin. Please be aware though that some claims have a 1-year time limit if they are based on human rights breaches.

As we continue, we will provide some examples of how breaches could occur within pharmacies. Whether they are caused by organised criminal activities or because your medical records weren’t destroyed correctly, you could make a claim if the breach causes you to suffer.

Legal Helpline is here when you are ready to make your claim. Our free claims line is manned by specialist advisers who will offer you a no-obligation telephone assessment of your claim. You will also be given free legal advice on whether you could proceed to a claim, so why not give us a call today?

What Is A Data Breach Claim Against Doorstep Dispensaree Ltd?

Data breaches occur when a security incident results in personal data being lost, destroyed, disclosed, altered or accessed by an unauthorised party. Whether the security incident is caused deliberately, illegally or accidentally does not matter – you could still receive compensation for any suffering.

To be entitled to claim, it is necessary to prove that the breach took place and that it resulted in you suffering damage either financially or mentally. This could either mean you’ve been made ill (distress, anxiety, depression, for instance) or that the breach caused you to lose money.

The stories about data breaches that end up in the news are often related to cybersecurity incidents. They can happen when criminal hackers employ techniques like phishing emails, viruses, ransomware or key loggers to get past computer security systems. However, as we will show you shortly, the GDPR and the ICO are also concerned with physical documentation too.

Any information that could assist in identifying a data subject is covered by the GDPR. This includes data about names, telephone numbers, addresses and NHS numbers. Additionally, it also includes information about protected characteristics like ethnicity, disability, gender or age.

What Is the Sharing Of Data With Third Parties?

If an organisation would like to share your data with another organisation, there must be a lawful reason. That could either mean you have consented to it or, as an example, there is a risk to somebody’s life.

However, if your personal information is passed to a third party without your knowledge or consent, and there is no lawful reason to share it, you could be eligible to seek compensation.

Enforcement Action Against Doorstep Dispensaree Ltd

Let’s now turn to the data breach that caused the ICO to fine Doorstep Dispensaree Ltd £275,000.

The company supplies medication to care homes and customers. The ICO report states that there were some 500,000 pieces of documentation left in containers (that were unlocked) at the back of the company’s Edgeware premises.

Data contained within the documentation related to medical information, names, addresses, prescriptions, NHS numbers and telephone numbers. Because the documents were not secured, the rules of the GDPR had been broken and that’s why the ICO issued the large fine. In addition, the documentation was not protected from the elements and so became water damaged.

In addition to being fined, the ICO ordered that data protection practices be reviewed by the company and changed within three months to prevent further action.


If you believe a pharmacy has breached the rules of the GDPR and caused you to suffer damage, we could assess your claim for free. Please contact our team today and we will let you know your options. We could even provide a No Win No Fee lawyer from our panel if your claim is suitable.

Calculating Claims For A Data Breach By Doorstep Dispensaree Ltd

We are now going to move on to show you what level of compensation could be awarded in data breach claims. In this section, we are on concentrating on claiming for psychiatric injuries like anxiety, depression, distress and Post-Traumatic Stress Disorder (PTSD).

An important case decided by the Court of Appeal provided some guidance for data breach claims. When hearing the case of Vidal-Hall and others v Google Inc [2015], it was decided that:

  1. You are allowed to be compensated for mental harm caused as a result of data breaches without having lost any money.
  2. Awards for mental damage should be based on the amounts used in personal injury claims.

Therefore, our compensation table, below, is based on data from the Judicial College Guidelines as it is the document lawyers and insurers use to work out personal injury claim settlements.

ClaimSeveritySettlement DetailsAdditional Comments
General Psychiatric DamageClaims relating to psychiatric damaged are assessed on the following factors: 1)If the claimant ability has the ability to cope life and work; 2) If medical treatment will help; 3) Detrimental affect on relationships; 4) Future vulnerability; 5) Prognosis
General Psychiatric DamageSevere£51,460 to £108,620In this range, the claimant will face serious problems with all factors. Therefore, they will be given a very poor prognosis.
General Psychiatric DamageModerately Severe£17,900 to £51,460The suffering in this category is very similar to above. However, there will be a more optimistic prognosis.
General Psychiatric DamageModerate£5,500 to £17,900 The claimant will have had serious problems with factors 1-4. A good prognosis will be given though due to a number of marked improvements.
General Psychiatric DamageLess SevereUp to £5,500This compensation bracket will take into account the effect on daily activities like sleep and how long the disruption lasted.

A key factor used to set compensation amounts is the severity of any injuries. For that reason, you will need to attend a medical assessment during the claims process. Our panel of data breach lawyers arrange these locally to you, which is a benefit of working with us.

The appointment will be conducted by an independent specialist. They will read your medical notes and ask a series of questions to find out more about your suffering. After they have finished, the specialist will compile a report that explains a) your injuries and b) your prognosis for the future. This report will then be sent to your lawyer who’ll use it to prove your case and value your injuries.

What Are The Damages Awarded In Data Breach Claims?

Some data breach claims can be particularly tricky. Not only do you need to prove the suffering that has been caused by the breach already, but you will also need to explain how you could suffer in the future. The reason that is necessary is that you are only allowed to claim once.

There are normally two main elements in data breach claims. They are called material damages (used to cover any money you’ve lost in the past and future) and non-material damages (for injuries like anxiety, Post-Traumatic Stress Disorder or depression).

For material damages, the first calculation you’ll make will be for any money that has already been lost as a result of the breach. Then you will need to move on to future losses. For example, where personal data is passed around the dark web by criminal organisations, you could continue to lose money until you’re able to block or change your accounts.

Similarly, medical claims will usually begin with conditions that you have already had confirmed by a doctor. Then you may need to look at the prognosis offered in your medical report. If it suggests that PTSD will prevent you from working for some time, then lost income might need to be factored into your claim.

Our belief is that a data breach lawyer will increase your chances of being properly compensated. With their help, it could be easier to determine all aspects of your suffering so that you file a full claim.

We offer free advice on claiming and have a panel of data breach solicitors who are ready to represent you. If you would like to know if your case is suitable, why not contact us today? Any advice we provide is free and we will never put pressure on you to make a claim.

How To Report A Pharmacy Data Breach To The Information Commissioner’s Office

One option you have if you believe you’ve been affected by a data protection breach is to ask the ICO to investigate. However, you can’t ask for their help until you have complained directly to the company involved.

If you are not satisfied with the formal response you receive, you should use any escalation path available to you. Once you’ve exhausted all avenues, and it has been 3-months since you’ve heard from the defendant, you could ask for the ICO’s advice.

The company involved might be fined by the ICO if they are found to have breached any rules and forced to change the way they work. However, they won’t be ordered to compensate you even if you have suffered. The route you’ll need to take for that to happen is to begin your own legal action.

If you would like our help with that process, why not contact a specialist advisor today?

No Win No Fee Compensation Claims For A Data Breach By Doorstep Dispensaree Ltd

If you’re worried about losing money on lawyer’s fees, then we can help. That is because our panel of data breach solicitors provide a No Win No Fee service for all accepted claims. That allows you to benefit from their legal expertise whilst also lowering your financial risks.

At the beginning of your claim, a lawyer will verify the viability of your case. If they agree to work for you, your case will be funded by a Conditional Fee Agreement (CFA)—the formal title for a No Win No Fee agreement. This contract explains what needs to occur before the lawyer is paid for their work. In addition, it will demonstrate that:

  • The lawyer won’t ask you to pay them upfront.
  • You won’t be billed for your lawyer’s costs while they work on your case.
  • If the case doesn’t work out, you don’t need to cover your lawyer’s fees.

Should your case succeed, and you receive compensation, your lawyer will take a success fee from your compensation. This is a small and fixed percentage of your settlement used to cover your lawyer’s fees. So that you’re aware of the percentage you’ll pay, the success fee (which is limited by law) is listed in the CFA.

If you would like to check if you could claim on a No Win No Fee basis, please get in touch today.

How To Get Help From A Data Breach Solicitor

As we have shown, there is a lot of work involved in making GDPR data breach claims. That shouldn’t prevent you from claiming though. We advise that taking on a legal representative could make your claim easier. If your case is accepted by a data breach solicitor from our panel, they will:

  • Go through your claim with you thoroughly so they can see how you have suffered.
  • Spend time obtaining evidence to back up your allegations.
  • Book you in for a local medical assessment (required in all claims).
  • Prepare your claim and send it to the defendant.
  • Manage all communication with the defendant’s insurance company.
  • Work hard to try and ensure that compensation is paid at the maximum level possible.

Speak to an advisor today to find out if we are able to help you claim.

How To Start Your Claim For A Data Breach By Doorstep Dispensaree Ltd

As we are nearing the end of this article on data breach claims involving Doorstep Dispensaree, we will review the process you could take to begin legal action.

First of all, it is necessary for you to make a complaint to the pharmacy directly. You will receive a formal response in due course. If you are not happy with the explanation you are given, you should escalate the complaint.

After it has been 3-months since your last meaningful contact, you have a couple of options. You could ask the ICO to look at what’s happened, and, at the same time, you could contact us to see if a lawyer from our panel could help you. In some cases, an ICO investigation is not needed so you may wish to speak to a lawyer before formally contacting them.

Contact An Expert

Thank you for visiting Legal Helpline today. We hope that you’ve gained the information you came for. We are ready to help you when you’d like to begin your claim. To get in touch, you could:

For your convenience, our free legal advice line is open 7-days a week, 24-hours a day. Our advisors won’t waste your time with irrelevant questions, and they will always be honest about your chances of being compensated. At no point will we pressurise you into claiming but we could refer you to a data breach lawyer from our panel if your claim is strong enough.

FAQs On Data Breach Claims

As a method of providing more information about claiming for harm relating to data breaches, we’ve answered a few commonly asked questions below. If your question does not get answered here, please speak to an advisor.

What are my rights under the GDPR?

There are many rights available to data subjects under the GDPR. They include that there must be a lawful reason for your data to be used, a right to raise concerns and a right to limit how your data is used.

How do I know if my data was breached?

If an organisation has discovered a personal data breach, they must inform any data subject who could be at risk. This may be in the form of a letter or email. The communication should explain when the breach took place, how it happened and what information was potentially exposed.

What evidence will I need to make a claim?

Once it has been proven that a personal data breach occurred, you will need to provide evidence to show a) how you have suffered financially (costs, losses etc) and b) how you have suffered medically.

What can you be compensated for?

If you make a successful personal data breach claim, you could receive compensation for material damages (financial losses) as well as non-material damages (suffering caused by stress, depression, anxiety etc).

Where To Learn More About Data Breaches

You have reached the end of our article about claiming for financial losses and suffering resulting from pharmacy data breaches such as that of Doorstep Dispensaree. In this section, we have decided to add some external links to resources that might come in useful. If you need anything further, please do contact one of our specialists.

Getting Help For Anxiety – An NHS article explaining who you can turn to if you’re suffering from anxiety.

How To Make A Complaint – Advice from the ICO on how to make a formal complaint relating to data protection laws.

The General Pharmaceutical Council – The body that regulates pharmacists, technicians and pharmacies in Great Britain.

To show what other types of claims we are able to help with, you’ll find a sample of our articles below:

GDPR Data Breach Compensation Claims – Information on what you can do if you fall victim to a GDPR data breach.

Bank Data Breach Claims – This guide explains when you could claim for the damage inflicted by a bank data breach.

Medical Data Breach Claims – Free advice about claiming if you’ve been the victim of a medical data breach.

Thank you for reading our guide to claiming compensation in relation to the data breach by Doorstep Dispensaree Ltd.

Guide by BH

Edited by REB