Printer Friendly, PDF & Email

H&M fined 35 million euros for GDPR violation

The Hamburg Data Protection Authority issued their largest fine[1] ever under the General Data Protection Regulation (GDPR) for employee-related offenses. A fine of more than €35 million was levied against Hennes and Mauritz AB (H&M), a Swedish clothing company.

According to the investigation, H&M recorded and stored gigabytes of recorded one-on-one conversations with employees. The details provided in those conversations were used in decisions regarding the employees. The Hamburg Data Protection Authority found that the personal details revealed, the recording and storage of those details, the fact that multiple managers had access to the data, and that the data were used to make work-related decisions violated the GDPR and infringed on employees’ civil rights.

This document is only available to members. Please log in or become a member.