GDPR fine against H&M: € 35.3 million

von Tobias

The Swedish fashion brand H&M is said to pay a fine of 35.3 million euros for spying on employees. Hundreds of employees at the service center in Nuremberg are said to have been monitored. The Hamburg commissioner for data protection, Johannes Caspar, justified the decree on Thursday. Read the blog article to learn more about the GDPR fine against H&M.

This case shows a serious disregard for employee data protection. “The amount of the fine that was imposed is therefore appropriate and suitable to deter companies from violating the privacy of their employees,” he emphasized.

Since the company has its German headquarters in the Hanseatic city, the case is the responsibility of the Hamburg commissioner for data protection.

The case became known by Breits in 2019. According to the authorities, information about their private living environment has been extensively stored and processed for individual employees since at least 2014. Vacation and sickness absences would have superiors had a “welcome back talk”. In some cases, not only specific holiday experiences, but also symptoms of illness and diagnoses were recorded.

Some superiors had also “acquired a broad knowledge of the private life of their employees through one-on-one and floor discussions, ranging from harmless details to family problems and religious beliefs,” it said.

“To compensate those affected on site and to restore trust in the company as an employer” was expressly rated positively by Caspar.



The GDPR fine against H&M shows once again how important employee data protection is within the company. Our colleagues will be happy to help you with the question of how specifically you have to or are allowed to handle your employee data. Feel free to contact us using our contact form or 08505 91927-0.

Would you like to find out more about GDPR fines? Use our GDPR fine calculator, read other interesting blog articles and watch our videos.


Der ISO/IEC 27001 Auditor / Lead Auditor mit langjähriger Tätigkeit in führender Funktion agiert für Kunden und Kollegen als kompetenter Ansprechpartner im Bereich der IT und IT-Security. Neben jahrelanger Erfahrung bei der Betreuung und im Management von komplexen Software- und IT-Projekten, VDI/Virtualisierungs- und NAC (Network-Access-Control)-Lösungen fühlt sich der zertifizierte Microsoft Spezialist auch im Bereich der Softwareentwicklung zu Hause. Mit seinem weitreichenden Wissen und vielseitigen technischen Know-how bereichert er Kunden und Team gleichermaßen.