Search

How can we help?

Icon

£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for surveillance illegally monitoring of its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in their Nuremburg service centre. This included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriot International were fined by our own Information Commissioner’s Office for insufficient data-security systems, and PWC were fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation.

The fine should come as a stark warning. Data Protection regulators are becoming more active and aggressive in their stance against data breaches. Head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    £32.1m fine for employee surveillance
  • Author
  • Expertise
    Employment
  • Published
    07 October 2020

Read, listen and watch our latest insights

art
  • 20 May 2026
  • Immigration

AI vs Home Office approved Translations – why migrants are paying the price

AI is transforming almost every professional sector. Law firms now use AI-assisted drafting, businesses rely on automated translation software, and governments increasingly use digital systems for decision-making.

art
  • 20 May 2026
  • Employment

Trade Unions Right of Access from October – What you need to know

Under the Employment Rights Act 2025, independent Trade Unions (i.e. those with a certificate of independence) will have a right to access workplaces (physically and digitally) from October 2026.
art
  • 19 May 2026
  • Privacy and Data Protection

New Complaints Procedure for Data Protection Coming in June – Are You Ready?

The Data (Use and Access) Act 2025 (the “Act”) received Royal Assent last year and introduces slight reforms to the UK’s data protection regime.

art
  • 18 May 2026
  • Commercial Real Estate

Land Registry title to property mines and minerals

Depending on the location of the property, it is quite common in parts of England and Wales for a property title to contain a reference to mines and minerals, and for these to be excluded from the surface owner’s ownership in favour of another party.

art
  • 13 May 2026
  • Employment

10 top tips for negotiating a redundancy settlement agreement, for employers and employees

Redundancies are on the rise, resulting in increased use of settlement agreements. We’ve compiled our top 10 tips for drafting and negotiating these agreements to support both employers and employees through this challenging process.
art
  • 12 May 2026
  • Immigration

Supplementary Employment: When is it Allowed under UK Immigration Rules?

This article provides a guidance to understanding the rules on supplementary employment in the UK.
See More