H&M fined £32m for unlawful surveillance

We often think of GDPR as covering our personal data when used for marketing, but there are many other aspects.

H&M, based in Germany, have been fined just over £32 million for the unlawful surveillance of hundreds of employees.

The surveillance was achieved with extensive staff surveys and informal chats which were documented, and details covered holidays, medical symptoms and diagnoses, family issues and religious beliefs. The data was stored at H&M’s Nuremberg service centre.

H&M made an unreserved apology and accepted the fine, also making changes so that this could hopefully not happen again.

These changes covered procedures, training and IT checks; these are the sorts of things we need to watch out for too. A data protection review will help you see if you can still demonstrate compliance with GDPR and PECR so contact us if you would like to see what would be involved.