Search

How can we help?

Icon

£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for surveillance illegally monitoring of its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in their Nuremburg service centre. This included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriot International were fined by our own Information Commissioner’s Office for insufficient data-security systems, and PWC were fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation.

The fine should come as a stark warning. Data Protection regulators are becoming more active and aggressive in their stance against data breaches. Head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    £32.1m fine for employee surveillance
  • Author
  • Expertise
    Employment
  • Published
    07 October 2020

Read, listen and watch our latest insights

art
  • 14 April 2026
  • Employment

Updates to Vento Bands 2026: Injury to feelings awards

For discrimination and detriment cases, compensation can also cover non-financial losses, which, in most cases, will include an injury to feelings award.

art
  • 13 April 2026
  • Litigation and dispute resolution

Renters’ Rights Act coming into force on 1 May 2026

The long-awaited Renters’ Rights Act 2025 (RRA) comes into force on 1 May 2026, bringing the biggest changes to the private rental sector since the 1980s. So what do landlords need to know about what is changing?
art
  • 10 April 2026
  • Privacy and Data Protection

Is your tech discriminatory?

Employers are increasingly reliant on technology to assist with all kinds of functions – from strengthening security to streamlining recruitment processes.

art
  • 09 April 2026
  • Employment

Bereaved Partner’s Paternity Leave: the new statutory right explained

The new statutory right is not inconsequential, and so to ensure that everyone is up to date: here is what you need to know about this new right.
art
  • 02 April 2026
  • Commercial Real Estate

Can I have access to a neighbour’s land to carry out works to my property?

As a landowner, maintaining and repairing your property is important. It may be the case that to do so, you will need to access the land of a neighbour.
art
  • 01 April 2026
  • Privacy and Data Protection

Recognising DSARs: top tips for organisations

The UK GDPR grants Data Subjects, who are the individuals to whom the personal data relates, rights over their personal data, including the rights of access, correction and erasure.

See More