En
En
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
Data protection and classification
Access rights audit
User activity audit, investigation
Compliance
Use case: access control and change management
Use case: user behavior and insider detection
Use case: eDiscovery
Use case: file cleanup
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact us
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact Us
Book a return call
HomeBlogThe biggest GDPR fine in Germany
BACK TO BLOG LIST
The biggest GDPR fine in Germany
02.10.2020

H&M will be charged €35.3 million – penalty imposed by the Data Protection Authority of Hamburg. The company, which has a service center in Nuremberg, is accused of collecting and storing private life data of its employees. H&M has allegedly been gathering too much data than it had rights to about hundreds of its employees since 2014. In the press release describing the incident it is said that lots of private details got documented by the company’s management, including information about family issues, religion, illness information and diagnoses. These records, in some cases quite elaborate and full of particularities, made for further processing and analysis were available for dozens of employees to access the information.

The arbitrariness with which the company’s managers acted collecting and recording private life data during casual talks as well as keeping a history of such details to create an illicit profile, is among the key problems which the Data Protection Authority is trying to convey by exacting the biggest ever GDPR fine within Germany so far.

The fact that the company collects private information surfaced unexpectedly in 2019 – after a configuration error in the system which spouted the data letting anyone working at the company access the information. The exposed details were available for hours.

60GB of information was provided by H&M to the DPA.

The company took many steps to recoup the level of security and transparency – the brand has reportedly contributed into compliance and launched a data protection program in Nuremberg. A new employee has been assigned to implement data protection coordinating. The new risk management framework of the affected service center included mechanisms preventing whistleblowing and updating privacy status.

It has been noted that H&M was going to reimburse the employees for major inconvenience.

Interestingly, according to Trust Anchor, the penalty considering the company’s turnover the penalty should have been two times higher – about €61 million, but thanks to the cooperation with the DPA it has been cut in half.

BACK TO BLOG LIST
Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.
Products and Services
FileAuditor
DLP
Risk Monitor
ProfileCenter
SIEM
MSSP
Cloud Deployment
Company
Contact
About Our Company
Company Portfolio
Our Clients
Press About Us
Press Kit
Resources
White Papers
Third-party integration
Research
Practices and use cases
Videos
News
Company News
Product News
Events
Blog
Challenges
Compliance
Data Loss Prevention
Investigation
Data at Rest Discovery
Data Encryption
Data Visibility
Data Classification and Protection
Data at Rest Discovery
Time Tracking and Employee
Monitoring
Corporate Fraud Mitigation
Roles
C-level executive
Risk manager
Internal audit officer
Compliance manager
Information security analyst
Chief Human Resources Officer
Industries
Business Services
Education
Financial Services
Government
Insurance
Manufacturing
Healthcare
Retail
Energy
Hospitality
Construction
Partners
Become a partner
Partner login
SearchInform products are recognized by
Gartner The Radicati Group
Follow us:
© 2024 SearchInform LTD All rights reserved.
Terms of Use
Licence
Privacy&Cookies