H & M is a Swedish multinational retail company. It has been banged by enormous $35 Million GDPR fine for coming under the unlawful scrutiny of employees. The Hamburg Commissioner for Data Protection and Freedom of Information imposed the fine. It basically focuses on fast fashion clothing. The company registered in Hamburg and it operates in Nuremberg.
What is Hamburg Commissioner for Data Protection and Freedom of Information?
The Hamburg DPA (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Hamburg.  It is in charge of enforcing GDPR in the private sector, within the German state of Hamburg. Therefore, HmbDSG it makes complementary arrangements to the GDPR and regulates specific situations of data processing for which the GDPR is not applicable. So the GDPR is the applicable law if there is no more specific rule in the HmbDSG or the German Federal Data Protection Act.
How did H & M got penalized?
The authority has imposed a fine on the company saying that it has extravagant records of employees having details about the private lives. It monitored in the Nuremberg service centre. The whole incidence came into light in October 2019. Hence, a configuration made the whole data available to each and everyone in the company.