Search

How can we help?

Icon

£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for surveillance illegally monitoring of its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in their Nuremburg service centre. This included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriot International were fined by our own Information Commissioner’s Office for insufficient data-security systems, and PWC were fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation.

The fine should come as a stark warning. Data Protection regulators are becoming more active and aggressive in their stance against data breaches. Head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    £32.1m fine for employee surveillance
  • Author
  • Expertise
    Employment
  • Published
    07 October 2020

Read, listen and watch our latest insights

Pub
  • 16 March 2026
  • Corporate and M&A

Shareholder Disputes: Managing Shareholder Buyouts and Exits – Episode 3

Join Stuart Mullins and Nicky Goringe Larkin for the third and final episode of our Shareholder Disputes series, where we move from prevention to resolution—exploring what happens when a founder’s exit becomes unavoidable.
art
  • 13 March 2026
  • Employment

When Immigration compliance becomes discrimination: The UK’s uncomfortable workplace balance

UK employers today operate under powerful, and some may say conflicting, legal pressures. On one hand, they must prevent illegal working under UK immigration laws.
art
  • 09 March 2026
  • Commercial Real Estate

Commercial Rent Deposits – A brief overview

A rent deposit is money provided by a tenant to its landlord as security for payment of the rent and performance of the tenant’s covenants contained in the lease.

art
  • 03 March 2026
  • Employment

International Women’s Day 2026 – Supporting equality and inclusion for a better, happier workforce

This year, International Women’s Day is inviting everyone to think differently about equality and how it can benefit everyone. The theme this year is ‘Give to Gain’.

art
  • 02 March 2026
  • Employment

10 facts an employer should know about holding personal data

Personal data is any information that can be used to identify an employee.

art
  • 27 February 2026
  • Litigation and dispute resolution

How (not!) to serve a winding up petition on a company using a default address

This case concerned an appeal by DG Resources Ltd (“DG”) on the basis that a winding up petition brought by HMRC (the “Petition”) was invalidly served.

See More