The ICO fined the London-based pharmaceutical company Doorstep Dispensaree Ltd £275,000 for failing to take the necessary precautions when storing documents containing personal data, which resulted in the documents becoming unusable after contact with water. The company kept approximately 500,000 documents in unlocked containers. documents; It includes personal data such as name, surname, address, date of birth, NHS number (an individual number used for health services in the UK), health information, and prescriptions that are not exact.
Since the documents were not protected with adequate precautions, they became unusable by taking water between June 2016 and June 2018. Failure to process data in a manner that provides appropriate security against unauthorized or unlawful processing and accidental loss, destruction or damage is considered a data breach under GDPR.
The remarkable part is that when determining the fine, the ICO only considered violations on May 25, 2018, when GDPR came into effect.
Due to the significance of the breaches, the ICO issued a sanction notice and ordered it to improve its data protection practices within three months. Failure to do so may result in further enforcement action.
In terms of KVKK, "The security of physical environments containing Personal Data against external risks (fire, flood, etc.) is ensured." and “Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.” We see how important their articles should be.

Source: https:// ico.org.uk/action-weve-taken/enforcement/doorstep-dispensaree-ltd-mpn/