top of page

Don't spy on your staff

Updated: Oct 7, 2020

The German Data Protection Authority has issued the second-largest fine to a single company under the EU General Data Protection Regulation (GDPR). The GDPR changed the way personal data can be collected and used, and it also mandates companies to be fair and transparent. This is where H&M failed.

The company has been fined €35.3m and had to apologise “unreservedly” for having put in place an illegal surveillance affecting several hundred employees. The world’s second largest fashion seller also kept “excessive” records on the families, religions, and illnesses of employees at its Nuremberg service centre, which were then used to review performance and make employment decisions.

As a reminder, only last year Google was fined £45m by the French data regulator CNIL for breaching the rules.

6 views0 comments

Recent Posts

See All

When too much is really too much.

Since the GDPR came into force, there's been a surge in data breach reporting across the EU. The flood of reports though, over 280,000 data breaches submitted across the EU, resulted only in around 50


bottom of page