Manx Care has received an Enforcement Notice from the Information Commissioner after a number of data breaches.
According to the document, there have been several breaches, including one where the unencrypted medical record of a patient was emailed to around 2,200 people.
The notice says that damage or distress to individuals is likely due to the lack of appropriate technical and organisational measures.
Manx Care now have four months to comply with GDPR regulations and provide the Commissioner with updates, or face a fine of up to £1m.
You can read the full document here.
Garage blaze in the early hours of this morning
Art anarchists "hiding gold bars" in Douglas this week
No cases of terror financing through charities
You can now adopt an ambulance
Case for horse tram tracks 'under final review'
Council spends more than £1m on beads for cavities
Police recruitment drop-in sessions tonight
Ferry terminal and universal basic income on Keys agenda
