The 1^er Last October, the Hamburg supervisory authority made public a financial penalty imposed on a German subsidiary of the H&M group for a breach of the terms of the agreement. historic amount of over 35 million euros for a serious breach of the RGPD.

Since 2014, this Group subsidiary has been collecting extremely detailed data on the private lives of its employeesThis data was then stored in digital format, accessible to more than 50 managers and used to make decisions about their development or working conditions within the company. Some of this data was then stored in digital format, accessible to more than 50 managers and used to make decisions about their development or working conditions within the company.

The supervisory authority discovered these practices in October 2019 following a configuration error that made the disputed data accessible to the entire company.

H&M quickly took various corrective measures to remedy the situation and apologised to the employees concerned before offering them financial compensation. The supervisory authority encouraged this attitude but nevertheless ruled that the amount of the fine was appropriate to the seriousness of the breach and also aimed to dissuade companies to invade the privacy of their employees.

To read the decision, click here.