H&M penalized for data protection
H&M fined €35 million for data protection breaches.
Hamburg State Commissioner for Data Protection
The State Commissioner for Data Protection in Hamburg (Germany) has penalized the Swedish multinational Hennes & Mauritz AB for obtaining personal data of employees through unorthodox tactics; in some cases, private conversations became a mine of information.
The penalty followed an investigation into events at the Swedish company's Nuremberg care center, where employee databases were found to contain a multitude of personal data about employees, including sensitive or special category data such as health-related data.
H&M takes data protection seriously
H&M seems to understand that the problem lay in employees' lack of knowledge of data protection, which has led it to implement new internal measures for compliance with the General Data Protection Regulation (GDPR), such as data protection training for its employees, audits, and security measures at the IT level.
Data protection consultations in Valencia
In light of this case, our clients in Valencia have expressed some doubts about whether they can store personal data of their employees.
The answer is yes, but it is essential to rely on a specialized data protection consultancy for proper advice and the design of customized measures. Remember that sanctions can be devastating.
Some of the measures to be taken:
— Draft specific clauses to obtain the express consent of individuals when their personal data is collected, in accordance with Article 6.1 of the LOPD-GDD.
— Prepare an Impact Assessment (EIPD) if processing data considered special category data according to the provisions of Article 9.1 of the GDPR.
— Design technical and organizational measures to prevent possible leakage, loss or alteration of information, based on Article 28.1 of the LOPD-GDD.
— Develop an employee training policy, since at least basic knowledge of how to process personal data is extremely important to avoid its misuse, based on Article 39.1 b) of the GDPR.
— Always have at hand all the documentation that supports due compliance with data protection obligations, as a result of the principle of proactive responsibility that prevails under this new regulation and that falls directly on the Data Controller, based on Article 5.2 of the GDPR.
2019 a black year
2019 was a dismal year in terms of data protection, as large fines were imposed on companies that did not respect the provisions of the legal framework for data protection.
One of these cases was Google, with a fine of 50 million euros for not complying with the right to information regarding the advertising use of users’ personal data.
Another was British Airways, whose fine stemmed from the failure to implement sufficient security measures, with a proposed fine of 182 million pounds. This is not the only shocking case in the United Kingdom, as the Marriott hotel chain also suffered the consequences of a massive information leak, with a proposed penalty of 110 million euros.
Get expert advice and avoid penalties
Put yourself in the hands of a good Data Protection Company Valencia / LOPD Valencia for good advice and to avoid fines in the millions.