Sanction following non-compliance with GDPR by ready-to-wear brand H&M

[samiaseo222]

The sentence has been handed down! H&M will have to pay a fine of 35.2 million euros for the damage caused to the privacy of its employees. The Swedish company illegally stored personal data on its employees for almost 5 years. This fine was imposed on them by the German data protection authority, the equivalent of the CNIL in France.


ABUSIVE COLLECTION OF EMPLOYEES’ DATA
Storing data illegally on any person has been oman email list prohibited since the advent of the General Data Protection Regulation (GDPR) . Any company that dares to do so will be sanctioned by the authority responsible for data protection and freedom of information.

H&M was the victim of this law. The Swedish brand was fined €35.2 million for collecting and storing the personal data of its employees between 2014 and 2019. This illegal practice could have gone unnoticed if the company's data had not been leaked in 2019. This data leak revealed personal data on employees of H&M's German subsidiary.

The investigation into the origin of this data reveals that the management of the brand's store located in Nuremberg is responsible for it. In fact, the store managers subjected employees who were absent to interrogations. When the absence was for health reasons, the managers required the employee to provide information on their medical history. This information was then collected in a file in the form of individual profiles. The investigation also reports that, in addition to health data, the Nuremberg management collected information on the religious beliefs and family difficulties of employees (deaths, vacations, social conditions, etc.).