Rights and wrongs when creating profile

The biggest GDPR fine in Germany which H&M is to pay has uncovered a delicate yet scandalous problem – spying on employees. It was mentioned there that some profiles were created and continuously developed bringing details of about two hundred employees to a number of managers. But is there such a thing as righteous profile?>

H&M will be charged €35.3 million – penalty imposed by the Data Protection Authority of Hamburg. The company, which has a service center in Nuremberg, is accused of collecting and storing private life data of its employees. H&M has allegedly been gathering too much data than it had rights to about hundreds of its employees since 2014. In the press release describing the incident it is said that lots of private details got documented by the company’s management, including information about family issues, religion, illness information and diagnoses. These records, in some cases quite elaborate and full of particularities, made for further processing and analysis were available for dozens of employees to access the information.

The arbitrariness with which the company’s managers acted collecting and recording private life data during casual talks as well as keeping a history of such details to create an illicit profile, is among the key problems which the Data Protection Authority is trying to convey by exacting the biggest ever GDPR fine within Germany so far.


The fact that the company collects private information surfaced unexpectedly in 2019 – after a configuration error in the system which spouted the data letting anyone working at the company access the information. The exposed details were available for hours.

60GB of information was provided by H&M to the DPA.

The company took many steps to recoup the level of security and transparency – the brand has reportedly contributed into compliance and launched a data protection program in Nuremberg. A new employee has been assigned to implement data protection coordinating. The new risk management framework of the affected service center included mechanisms preventing whistleblowing and updating privacy status.

It has been noted that H&M was going to reimburse the employees for major inconvenience.

Interestingly, according to Trust Anchor, the penalty considering the company’s turnover the penalty should have been two times higher – about €61 million, but thanks to the cooperation with the DPA it has been cut in half.

Now back to the concept of righteous profile and what it can be. The desire to create a profile for each key employee in an organisation is not really outrageous, it is all about what can and can’t be done. Recording casual talks with your colleague or making notes in order to hand them over for further processing is definitely not a legitimate option, but a major privacy breach. When it comes to employee assessment and evaluation of appropriateness of job assignment position, there are legal measures which should be taken.

The automated profiling solution can be implemented within a company’s system. It is developed to help HR department, to improve decision-making regarding a specialist’s appointing, tasks allocating and entrusting employees with crucial responsibilities, enhancing overall performance and increasing productivity, figuring out skillful and promising employees.

Learn more about automated profiling

Only correspondence conducted via corporate channels during work hours and on corporate devices can be analysed in order to create an unbiased understanding of a staffer’s skills, diligence, strengths and weaknesses. Knowing these details allows avoid prejudices, erroneous opinion or overly personal likes and dislikes.

The system runs on strictly set algorithms and analyzes data excluding personal opinions and emotional baggage.

In some cases, companies, which hire remote employees and never have any opportunity to know each specialist in person, to pay attention to professional progress, involvement into the business processes and projects or growing disinterest, might want to learn a bit more about whether a hired professional’s goals, intents and dedication meet the same ones of the company.

Employee analysis helps enhance communication within a team and between managers and employees in many ways:

•    Some jobs require specific qualities, and some of these jobs are serious enough to not accept even few mistakes or a person who pretends to be suitable but in fact quite unfitting for that very job. Of course, there are tests which can be made before taking such professionals onboard and letting them lead the project, but tests won’t show you the real picture of an employee in progress, whereas this is exactly what is important – to see how a specialist deals with an assigned job in progress, whether something changes in comparison to what was at the start.
•    Know your employee individuality in order to not spoil the cooperation spirit by wrong attitude, have a unique approach to someone if necessary.
•    Information can’t be trusted equally to everyone who gets access to corporate assets. Automated profiling has been developed to the extent when emotionally and informationally limited corporate correspondence can draw out results based on criteria which matter only within job-related issues, for example, whether a specialist can be trusted with the top secret data.


Appointing new CEO, bringing a teacher to work with children – it might be helpful to make sure that no recruitment mistake was made. Automated profiling lets you identify prevailing type of conduct, personality traits, purposes and respond to management decisions, influencing colleagues, motivation, loyalty and criminal tendencies without resorting to such illicit and utterly indecent ways of pulling information as spying and whistleblowing divulging private life details.

Automated profiling lets a company receive reliable and impartial staff assessment with no emotional baggage, know its implicit leaders who can manage the team if needed, make important decisions concerning the level of responsibility, appointing new positions, granting access to sensitive data and even measure healthy workplace environment.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.