The Swedish clothing handler Hennes Mauritz (HM) should be a punishment in the high of 35.258.Numbers 707.95 euros after having massively wired in a service center in Nurberg employees. The Hamburg Data Protection Officer Johannes Caspar has now sent the company to the company, which has his German headquarters in the Hanseatic city. He raises HM to have difficult to disregard the procurement data protection at Nuremberg location.
It is the highest book money, which prompted supervisors in this country since the Data Protection Basic Regulation (DSGVO) has been applicable for two and a half years. So far, the record was the 14.5 million euros, with which the Berlin Data Protection Officer Maja Smoltczyk was against the real estate company German living. But this does not want to recognize the decision.
"Appropriate and suitable" for deterrence
The punishment against HM is in the face of the reported, just forfalling with a Big Brother Award also long in her "High appropriately and suited to deter companies from violations of privacy of their employees", charged Caspar the step. He praised too "The transparent enemination by the responsible persons and the awareness of a financial compensation". These showed the will, "to send the concern to the respect and the creation, which they earn as a dependent business in their day-to-day use for their company".
In the Nurmark Call Center, it was at least since 2014 with part of the employees "For extensive request of private lives" Caspar raises the company. Corresponding notes were permanently stored on a network drive. Even after short vacation or illness, the superiors team leaders had a so-called "Welcome back"-Talk carried out. After that, not only concrete holiday experiences of the employees were recorded in many cases, but also disease symptoms and diagnoses.
Wide knowledge about private life of employees
In addition, some supervisors of single and corridor language are a broad knowledge of the privacy of their employees, it is up to the author, "that ranged from more harmless details to family problems as well as religious agreements". The findings were partly digitally stored and has sometimes readable for up to 50 more warranty in the whole house.
"The records were sometimes made with a high degree of detail and updated in time", Constate Caspar. The data thus collected were not only used to enable the individual work to act meticulously. Also a profile of the employees for measures and decisions in the employment relationship had been created. These "Combination of the investigation of private life and the ongoing inventive, which activity they proceeded, resulted in a particularly intensive intervention in the rights of those affected".
Record of around 60 gigabytes
The thing flew up because the file was insufficiently secured as a result of a configuration error and was visible in October 2019 for a few hours of enterprise. Caspar ordered according to corresponding press reports first, the content of the network drive complete "freeze" and then demanded the publication. The company came to the graduation and presented a record of around 60 gigabytes. Reports of numerous witnesses confirmed the overseer after analysis of the data the documented practices.
Hm led parallel to own information "far-reaching maws" and separated from employees "lead-plane" In the service center. The company has one "Comprehensive concept submitted, as should be implemented from now on at the Nurnberg location", besty Caspar. Building blocks are beside one "Unconscious compensation in considerable high" A newly proclaimed privacy coordinator, monthly status updates around the privacy of the workers, a highlight of communicated whistleblower protection as well as a "Consistent information concept".
The company wants the Bubgeld decision now "carefully" and then decide if it will accept him. At the same time, the HM Group emphasized that she commits to Fuhle to keep the DSGVO Fortan. One stop "Strictly at the laws and regulations of state-of-the-art privacy abilities as well as the high-own, company-internal policies".