£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for illegally monitoring its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in its Nuremberg service centre. These included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there has been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriott International was fined by our own Information Commissioner’s Office for insufficient data-security systems, and PwC was fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year, yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

The fine should come as a stark warning. Data protection regulators are becoming more active and aggressive in their stance against data breaches. The head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Jacob Montague

Senior Solicitor

