The english data protection authority, ICO, has issued a fine of €320 000 against Doorstep Dispensaree Ltd.
After a tip, the ICO has physically found that Doorstep has stored a large number of paper documents, containing personal data, in such a way that they have not been secured from the impact of weather.
ICO referes to article 32, point 2, and concludes that Doorstep has failed in its obligation to control “the risks that are presented by processing, in particular from accidental or unlawful destruction”.
This fine is interesting from several perspective.
Firstly, it deals with physical documents, secondly, it focuses on the accidental destruction of personal data.
After the German data protection authority issued a record fine of €14,5M against Deutsche Wohnens misconduct with unstructured data, it starts to become clear that the DPAs of Europe are starting to physically investigate the actual data management.
When also including the accidental loss of personal data, deletion of unknown data no longer is a viable option.