• Henry Park

$41 million in GDPR fines for H&M


If you think the GDPR is all bark and no bite, then you should take H&M's Germany subsidiary as a cautionary tale (see link). The Data Protection Authority of Hamburg on October 5, 2020 fined that subsidiary $35.3 million Euros (or $41 million dollars) for keeping excessive amounts of personal data on its employees.


The Hamburg Authority found that H&M had been collecting for at least 6 years information concerning its employees' holiday experiences, family issues, religious beliefs, and symptoms of illness and diagnoses. The information was stored on its computer system and shared with a consideration number of managers.


Photo by Iryna Olar from Pexels

Attorney Advertising

Henry Park Law

© Law Office of Henry Park, PC. All Rights Reserved.