Search

How can we help?

Icon

£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for surveillance illegally monitoring of its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in their Nuremburg service centre. This included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriot International were fined by our own Information Commissioner’s Office for insufficient data-security systems, and PWC were fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation.

The fine should come as a stark warning. Data Protection regulators are becoming more active and aggressive in their stance against data breaches. Head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    £32.1m fine for employee surveillance
  • Author
  • Expertise
    Employment
  • Published
    07 October 2020

Read, listen and watch our latest insights

art
  • 21 January 2026
  • Privacy and Data Protection

FAQs – Data Subject Access Requests

Any individual who may be identified from any form of document, whether directly or indirectly, is a data subject.
art
  • 20 January 2026
  • Corporate and M&A

Positioning Your Business for Growth and Exit in 2026

2025 proved another challenging year for SMEs in the UK, with regulatory reform for Companies, increased taxes and operating costs and geopolitical pressure making for a harsh trading environment, Yet, despite the gloomy economic outlook, dealmaking in the region remained robust.
Pub
  • 20 January 2026
  • Immigration

UK Immigration: What to expect in 2026 for employers

Join our UK immigration specialists, Ruth Karimatsenga and Monica Mastropasqua, for an on-demand webinar as they discuss the key updates and their impact on your business in 2026.
Pub
  • 15 January 2026
  • Corporate and M&A

Quarterly Insights: Key Corporate & Commercial Topics – Q1 2026

Join Stuart Mullins and Jonathan Hayes as they explore the most topical issues and key developments our team has examined over the past three months. In Episode 1, they discuss Family Investment Companies, Legal Due Diligence, and Directors’ Duties.
Pub
  • 08 January 2026
  • Privacy and Data Protection

Data Protection Audits: Launch Event

Join us for a breakfast networking session on Thursday 26th February 2026 as we officially launch our Data Protection Audit services.
art
  • 08 January 2026
  • Privacy and Data Protection

Data Protection – what’s happened in 2025?

2025 has been a lively year for the data protection sphere, with the main talking point coming from the UK’s data reform Bill finally receiving Royal Assent on 19 June 2025.
See More