According to an article published by HR Review, retail giant H&M was recently fined a hefty 35 million euros after it was found to have been monitoring and recording details of its employees’ private lives, which was deemed a breach of data protection laws.
It has been reported that the Swedish multinational clothing-retail company was fined by the German authorities for internal data security breaches at its customer service centre in Nuremberg. It was found that the retailer had been recording personal information about its employees since as far back as 2014. The data was collected, at times, through informal conversations in which the employees were not aware that what they were saying was being recorded and used for business purposes. The data gathered was used to create a detailed profile of each employee, which was then used for measures and decisions regarding the employees’ employment. After being stored digitally, the data could be partly read by up to 50 managers, a shockingly high number of staff able to see employees’ personal data where they had no contractual or reasonable need to do so.
In October 2019, an internal computing error meant that the data gathered over the previous five years was made visible to everyone in the company. This breach of data protection allowed staff within the company to view information stored on their colleagues such as family problems, religious beliefs and even symptoms and diagnosis of illnesses. A statement from H&M reads, “The regional data protection authority in Hamburg has imposed an administrative fine of 35 million euros. The H&M group admits shortcomings at the service centre and has taken forceful measures to correct this”. The fine imposed on H&M is the highest fine for such breaches in Germany since its latest data-protection legislation, GDPR, came into force.
What is GDPR?
GDPR is the General Data Protection Regulation that came into effect in May 2018. It is a legal framework for keeping everyone’s personal data safe. It requires companies to have strong processes in place for handling and storing personal information and has made companies across the world look at how they gather, store, and use the data they collect on customers, prospects, and employees. Any company found to be in breach of GDPR will be investigated and presented with a very expensive fine, which is why it is important to have systems and processes in place that will help you to comply with the legislative rules set out in GDPR.
Nick Pye, our CEO, commented, “Although this happens to be a story about a high-profile and successful retail business, companies of all sizes need to take heed and pay significantly greater attention to who has access to personal and sensitive data and indeed ensure that clear guidelines exist to establish what data needs to be stored at all. We know from the investigative discussions we have with our own clients that few give thought to their data protection obligations and the importance of only providing access to those persons necessary for the performance of a contract, or who have a legitimate interest, or for compliance reasons with a legal obligation.
“We’re keen for all of our clients to accurately determine their use of our security framework to dictate who has access to what elements of data, and this must be able to be done on a granular basis. HR software continues to evolve but in response to helping clients comply with the GDPR, it’s inexcusable for any vendor to not provide useful tools to help safeguard against this type of breach.”
Is your HR Software GDPR compliant?
Youmanage goes above and beyond to ensure that our clients fully comply with GDPR legislation. We allow the system’s ‘super users’ to create well-targeted, person-specific Permission Sets which define the level of access that each user has to any employee data. This significantly minimises risk for our clients as they can be confident that their People Managers are only able to view the details and follow the processes that have been set out for them, as dictated by their Permission Set.
In addition to this market-leading security framework, we also have in-app Data Removal functionality, which further boosts our clients’ confidence that, in choosing Youmanage, they are sticking to the guidelines set out in the GDPR. Clients can set up their own rules for when former employee data is no longer relevant, so that it is automatically removed from their system. Clients can also anonymise employee records, retaining important people metrics for reporting purposes. This unique HR software functionality automates data security housekeeping procedures and gives clients peace of mind that they are complying with this important piece of legislation.
If you would like more detail on the functionality and capabilities within Youmanage, please download our brochure. Contact us if you have any questions about the product, or why not try a 30-day free trial starting today?
The information in this article came from HR Review’s article titled “Warnings Over Storing Employee Data After H&M Hit With €35 Million Fine” and the Reuters article titled “Germany fines H&M 35 million euros for data protection breaches”.