H&M has been hit with a $40m GDPR fine for illegally surveilling employees in Germany.

Francis Gaffney, Director of Threat Intelligence, Mimecast
October 03, 2020

Organisations shouldn't view regulation such as this as a burden and start to view it through the lens of their customers, partners, or employees. GDPR is not just something else an organisation needs to comply with, but rather benefit from the behaviours GDPR is designed to encourage. If someone trusts you with their data, you owe it to them to be completely honest about what data you are collecting and to protect it, know exactly how (and where) it is stored, and who can access that data. Many organisations are having to pay penalties for such data breaches, and it is only afterwards that the true cost of a breach is realised and those previously perceived potential savings from not investing in security and data management solutions are trivial compared to the significant financial penalties. Furthermore, it is often the case that the damage to the organisation's reputation and branding dwarfs the fine imposed.
