H&M Fined for Breaching GDPR

Clothing company H&M has been fined £32.1 million for breaching GDPR. H&M violated the privacy of its employees by conducting illegal workplace surveillance. The Data Protection Authority of Hamburg, Germany, stated that H&M’s staff had been subject to “extensive recording of details about their private lives”. This included details about their families, medical symptoms and diagnoses, religious beliefs, details of holidays and information from informal conservations.

The fine highlights the repercussions faced by companies who breach GDPR. Under Article 5 GDPR personal data must be processed lawfully and collected for legitimate purposes. This is the second highest fine that has been issued to a company for breaching GDPR. The highest single fine to date was the €50 million imposed on Google by the French data protection regulator CNIL in 2019. A company can be fined up to €20 million or 4% of their global annual turnover of the preceding year, whichever is greater, for severe violations of GDPR.

H&M has apologised to all its effected employees and employees of the service centre in Nuremberg and all staff who have been employed for at least one month since GDPR came into force in May 2018 will receive financial compensation.

If you require legal assistance regarding GDPR, please do not hesitate to contact Christopher Buck, Associate Partner in our Business Services team, on 01908 660966 / 016014 828282 or by email at christopher.buck@franklins-sols.co.uk who will be happy to assist.