Mary J. Hildebrand CIPP/US/E speaks to SC Magazine about H&M’s recent $41.5 million penalty for collecting personal data on its employees in Germany. She observes that while companies may understand that their employees have “the same rights under applicable data protection laws [such as GDPR] as revenue-generating customers, [they often lack] … appropriate follow-through and implementation of these policies to ensure that employee privacy rights are respected.”  Hildebrand adds, “H&M has generated an impressive list of to-dos in an effort to compensate for egregious and illegal data collection and processing activities.”