35 million GDPR fine for H&M
Hennes & Mauritz Online Shop A.B. & Co KG (H&M) has received a fine in the amount of 35,258,707.95 euros. The Commissioner for Data Protection and Freedom of Information in Hamburg identified a violation of the GDPR in the processing of employee data. Data that were not directly related to the employment relationship were collected and stored (specific leave results, illness syndromes and diagnoses, family problems, religious beliefs, ...). Since 2014, the circumstances of employees had been collected and stored in the form of notes on the network drive. So-called "Welcome Back Talks" were held by team leaders. One-on-one and hallway conversations were also recorded by some supervisors. In some cases, this data was accessible to up to 50 executives.
The amount of the fine is approximately 1.1% of H&M Germany's annual sales. However, the Commissioner for Data Protection and Freedom of Information did not explain how the penalty was calculated. It is also not known whether the DSK's calculation method for GDPR penalties was applied.
Decision date:
01.10.2020
Country:
Germany
Type of violation:
Illegal data collection
Affected records:
unknown
Was sensitive data affected?:
Yes
Fine imposed:
€ 35,258,708,-
Violation of GDPR Paragraph:
unknown
Source:
https://www.handelsblatt.com/unternehmen/handel-konsumgueter/modehaendler-mitarbeiter-ausgespaeht-datenschutzbeauftragter-verhaengt-rekord-bussgeld-gegen-hundm/26234570.html?ticket=ST-5208001-ig5ulfk74zqaTgAcTtRQ-ap3