GDPR compliance in everyday business

GDPR in Practice: Compliance and Fines

Mamnoon Hadi

Head of Analytics & Insights at Readdle

Case study: H&M GDPR violation

Overview$^1$:

  • H&M fined €35.3 million for unlawful employee-monitoring practices

  • Violated employee privacy with detailed personal data collection, without consent

$^1$ www.edpb.europa.eu

Case study: H&M GDPR violation


Key facts:

  • Data collected: Personal details from "welcome back talks" (holiday experiences, illness symptoms), informal discussions

  • Information saved digitally, shared with decision-makers

  • Violated employee rights through intensive data collection

Case study: Lessons learned

Lessons Learned:

  • Employee data must be collected transparently and with consent
  • Strong data protection policies and oversight are essential
  • Companies must be proactive in identifying and rectifying violations

Company Response:

  • Apologized, compensated employees, and overhauled data protection practices

Impact of violations


  • €35.3 million fine
  • Reputational damage: loss of employee trust, public backlash
  • Operational impact: overhaul of data protection policies, resource allocation for compliance

Takeaways


  • GDPR compliance is crucial for protecting employee data

  • Violations can lead to heavy fines, reputational damage, and legal consequences

  • Proactive compliance measures & regular review can prevent such issues

  • Always obtain clear consent for collecting employee data

  • Implement and enforce strong data protection policies

  • Understand the consequences of non-compliance, including fines and reputational damage


Let's practice!
