A group of employees was questioned, e.g. after coming back from holiday or sick leave for details, personal details, religious blieves, family problems, etc. These details were stored on a file server and collected – over the years – 60 GB of data on centralized servers and other information storages were collected. The data was accessible for about 50 people in management and for some hours for all employees in the company, profiles were build together with observations on the efficiency of the workers. All together it had impact on the employees in their forthcoming and the employee employer relationship.
After it came up, the company froze the data and acted together with the authority. The company – without being pushed by authorities or employees – offered Euro 2500 per effected employee as a compensation. Some employees saw this critically as some management people collecting the data also were offered these compensation and they terminated their employment with the company.
(a) Data privacy violations can lead to hefty fines,
(b) employees go,
(c) freely giving compensation and cooperation with authorities lower the fine.
Press release of data protection authority in German language is here.
There is an initiative which asked the authority in Hamburg to disclose the full text with all details of the letter with the fine, here.
It seems that DLA Piper is representing H&M, here.