Search

How can we help?

Icon

£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for surveillance illegally monitoring of its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in their Nuremburg service centre. This included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriot International were fined by our own Information Commissioner’s Office for insufficient data-security systems, and PWC were fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation.

The fine should come as a stark warning. Data Protection regulators are becoming more active and aggressive in their stance against data breaches. Head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    £32.1m fine for employee surveillance
  • Author
  • Expertise
    Employment
  • Published
    07 October 2020

Read, listen and watch our latest insights

art
  • 15 September 2025
  • Immigration

Sharp rise in Sponsor Licence Revocations – What employers need to know

The Home Office has reported a record number of sponsor licence revocations over the past year, as part of its intensified efforts to crack down on abuse of the UK’s immigration system.

art
  • 10 September 2025
  • Commercial Real Estate

Trouble at the Table: The Challenges Facing the UK Hospitality Sector in the run up to Christmas 2025

The UK hospitality sector, long celebrated for its vibrancy and resilience, is facing a perfect storm of economic, operational, and structural challenges in 2025.
art
  • 09 September 2025
  • Commercial Real Estate

Le bail commercial anglais: quelques points essentiels à considérer

Typiquement, les baux commerciaux en Angleterre sont de court terme, d’une durée de 5 ou 10 ans, avec un loyer de marché et des ajustements du loyer périodiques en fonction de l’inflation ou d’autres facteurs. 
art
  • 09 September 2025
  • Corporate and M&A

The Failure to Prevent Fraud Offence – be prepared to avoid criminal liability

The failure to prevent fraud offence is a new corporate offence which has come into force on 1 September 2025.
art
  • 08 September 2025
  • Employment

Can employers still make changes to contracts after the Employment Rights Bill?

The short answer is yes but it will be much more difficult for employers following the introduction of the Employment Rights Bill because their ability to fairly dismiss employees who do not agree contractual changes is being restricted. 
art
  • 05 September 2025
  • Privacy and Data Protection

When Ignoring a DSAR Becomes a Criminal Offence

On 3 September 2025, Mr Jason Blake appeared at Beverley Magistrates Court and was fined for failing to respond to a data subject access request (DSAR).
See More