A new record penalty has been set in Germany: H&M is required to pay around 35.3 million euros due to infringements of the General Data Protection Regulations (GDPR). This ruling for the Swedish textile trader should be a warning to all businesses that handle unstructured data records from which information can be obtained about staff, customers or partners, for example. The dataglobal CS software creates clarity and protects businesses from attracting the unwanted attention of data protection authorities, with the risk of being issued with a hefty fine.
The penalty for H&M was issued by Johannes Caspar, the data protection officer for the Hanseatic City of Hamburg, where H&M has its German headquarters. Caspar is accusing the fashion chain of severe employee data protection infringements at its Nuremberg site. It is alleged that at a Hennes & Mauritz call center there, managers collected details from the private lives of staff in private conversations and stored them without their knowledge over many years. The Hamburg data protection officer is now investigating because evidently, a configuration error meant that for a short time, the data was freely accessible to everyone in the company on a public drive.
Infringements of the GDPR can be very costly
Even the cooperative attitude of the H&M management towards the authorities, the company’s internal investigation and financial compensation for those affected failed to prevent the highest-ranking data protection officer in Hamburg from handing down the maximum penalty for a breach of the GDPR. As Johannes Caspar himself said, he hoped that in doing so, he would deter other companies from doing the same.
H&M broke the record held until then by Deutsche Wohnen SE, which was issued a penalty of 14.5 million euros by Berlin’s data protection and freedom of information officer, Maja Smoltczyk, in November 2019. The reason: The Deutsche Wohnen SE archive system had been handling sensitive tenant data with insufficient sensitivity. About a month later, 1&1 Telecom GmbH had to pay 9.5 million euros because the service provider had taken “no adequate technical and organizational measures” to protect customer data. In general, the following applies under Article 83 of the Genera Data Protection Regulations: Infringements of individual clauses may lead to penalties to companies of up to 20 million euros or four percent of total global annual turnover during the previous financial year, depending on the severity of the infringement.
The solution is easier than you think
When a company sets itself the standard of doing business in a responsible way and maintaining a trust-based corporate culture, no data about the private lives of its staff is needed. It must only be ensured that the personal data that is genuinely required is sufficiently protected. This is the purpose of the GDPR.
Since it was introduced, this requirement has been causing nothing less than panic among many companies. They have felt overwhelmed and unsettled by the standards specified in the regulations. At the same time, acting in compliance with data protection regulations isn’t rocket science. It already helps a lot if all the data is stored in a structured way. This is where dataglobal CS comes in. The software creates transparency at the touch of a button.
GDPR-compliant with dataglobal CS
In these times of vast increases in data quantities, the amount of relevant information is growing as a result of digital work at different places and with different platforms. However, when standard search functions are used, this information can only be found and processed with a great deal of effort, if at all. dataglobal CS tracks the unstructured data throughout the company and across all platforms. Through self-learning classification, pre-prepared taxonomies, full-text indexing and manual tagging, our software creates transparency and control over all data. As a result, they can be tracked at all times and very easily stored, archived or deleted with a log on a rules basis.
In this way, dataglobal CS significantly increases the efficiency of corporate processes, ensures compliance and minimizes the risk of infringing the GDPR. In our YouTube video, we explain the most important functions and benefits of dataglobal CS and demonstrate the benefits of the software with reference to a best practice example.
Would you like more customized information about dataglobal CS? Then simply get in touch with our experts. Do you have any questions? We are happy to help. Contact us at request@dataglobal.com or +49 7131 1226 500
Comments are closed.