The Swedish clothing company H&M (Hennes & Mauritz) has been fined €35.5 million by the German Data Protection Authority on the 1st of October 2020, after a data leak from a service center from Nuremberg Germany, which revealed the illegal collection of personal data of the employees by the managers.
The monitoring activity targeted several hundred employees at the service center. Since 2014, H&M managers have been gathering information related to employees’ privacy, such as medical diagnoses, family issues and religious beliefs.
The collected data was digitally recorded and stored in a system that could be accessed by 50 managers from across the company.
Prof. Dr. Johannes Caspar, Hamburg’s Commissioner for Data Protection and Freedom of Information, comments: “This case documents a serious disregard for employee data protection at the H&M site in Nuremberg. The amount of the fine imposed is therefore adequate and effective to deter companies from violating the privacy of their employees.
H&M admitted that there was deficiencies in the service center, claiming that they took measures to correct this situations. The company apologized to the affected employees which have been compensated as well. Moreover it implemented a data protection program for the service center in Nuremberg.
The fine applied to the Swedish Group is the largest announced so far in Germany on violating the GDPR regulations. Germany represents the main market for Hennes & Mauritz, founded in 1947 in Vasterls, Sweden.
Need help?
Sovy’s GDPR Essentials can help you with each of the steps laid out above:
- Walk through a data mapping exercise and build your data inventory.
- Build all the policies you need under the GDPR, including a privacy policy, data protection policy, and data breach response forms.
- Train your employees with industry-standard eLearning courses.
- Maintain your compliance program in the cloud
- Manage cookie consent and data rights
Find out how the Sovy GDPR Privacy Essentials can help you. Get in touch to find out more information.
Source: https://edpb.europa.eu/news/national-news/2020/hamburg-commissioner-fines-hm-353-million-euro-data-protection-violations_en