£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for illegally monitoring its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in its Nuremberg service centre. These included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there has been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriott International was fined by our own Information Commissioner’s Office for insufficient data-security systems, and PwC was fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year, yet many companies continue to give too little weight to data protection and underestimate the significance of the information they process.

The fine should come as a stark warning. Data protection regulators are becoming more active and aggressive in their stance against data breaches. The head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.
