Hamburg DPA issues €35.2 million fine against H&M for GDPR violations

According to ComplianceWeek, the Data Protection Authority of Hamburg (HmbBfDI) issued a fine against H&M Germany of 35.2 million euro for violations of the GDPR. The company was found to have excessively monitored several 100 employees in a service centre, as parts of the workforce had been subject to ‘extensive recording of details about their private lives’ since 2014. The company stated that the incident revealed practices for processing employee personal data that were not in line with H&M guidelines and instructions.