World-renowned Swedish retailer H&M reveals a €35M fine in its quarterly report.
The fine has been issued by the data protection authority in Hamburg following a personal data incident in the company’s service center. It is likely that the fine is connected to the unlawful gathering of personal data in H&M’s files, conducted by the management and disclosed in a number of previous news articles.
“The data protection authorities evaluated hard drives with a total of around 60 gigabytes of data material, which according to their information revealed ‘comprehensive records of employees’.”
“The data storage was exposed when employees of the customer center accidentally discovered open folders with explosive material while browsing internal files in the IT system.”
The principle of privacy by design also applies to unstructured data, and a personal data inventory must be conducted and documented.
Only once such documentation exists does monitoring become a reality, making it possible to detect and avoid the scandal H&M is facing.