The ICO has issued a £35,000 fine against a GP practice in London which left medical information unsecured in a mothballed building, including medical records and prescription data. Interestingly, the matter came to the ICO's attention when another GP practice, considering taking over the building, went on a site visit and found the information. NHS England and CQC became involved in the subsequent investigations.

On the eve of GDPR and the Data Protection Act 2018 coming into effect, the penalty here is a timely reminder of getting the basics right - particularly when moving the location of services.