The Hamburg Data Protection Authority issued their largest fine ever under the General Data Protection Regulation (GDPR) for employee-related offenses. A fine of more than €35 million was levied against Hennes and Mauritz AB (H&M), a Swedish clothing company.
According to the investigation, H&M recorded and stored gigabytes of recorded one-on-one conversations with employees. The details provided in those conversations were used in decisions regarding the employees. The Hamburg Data Protection Authority found that the personal details revealed, the recording and storage of those details, the fact that multiple managers had access to the data, and that the data were used to make work-related decisions violated the GDPR and infringed on employees’ civil rights.