H&M fined for breaking GDPR over employee surveillance
H&M has been fined £32.1m (€35.3m) for the illegal surveillance of hundreds of employees, breaching GDPR legislation.
It is the second-largest fine a single company has faced under EU GDPR rules, after the French data regulator, CNIL, fined Google €50m for breaching the regulations.
H&M carried out the practice from at least 2014, with management acquiring "extensive recordings of the private-life circumstances" of employees, the data protection service said.
Members of staff would be invited to "Welcome Back Talks" after periods of sick leave or vacation, after which information was often recorded and digitally saved so that "up to 50 other managers throughout the company" could be made aware of the details.
In a statement, the company said, "The incident revealed practices for processing employees' personal data that were not in line with H&M's guidelines and instructions."
"H&M takes full responsibility and wishes to make an unreserved apology to the employees at the service centre in Nuremberg."
The retailer said it has made managerial changes at the centre and carried out "additional training for leaders in relation to data privacy and labor law."
Workers who have been there for at least one month since May 2018 are to receive financial compensation, the company added, without disclosing how much they would be afforded.