Penalty for use of Biometric data

Penalties for use of Biometric data

The use of biometric biometric data used for the registration of working hours, is considered too intrusive by the AEPD, which has fined a company 20,000 euros.

An alternative option would be to register by means of employee identification cards, use of computer applications, paper records signed by the employee, etc.

Workday registration

But it is a reality that with the entry into force of the working day register according to RD 8/2019, there has been an expansion of systems to make this business obligation simple and one of the most widely used solutions is the installation of biometric data reading systems (fingerprint, facial recognition, iris, etc.) of workers.

Data protection and biometric data

These systems, based on the use of biometric data, have a significant impact on the personal data protection regulations.In fact, this publication is the result of a sanction against a company that used them.

In general terms, their installation implies a previous risk assessment and a Data Protection Impact Assessment and depending on the result, analyze possible less intrusive less intrusive alternative solutions that the reading of biometric data implies.

The assessment will most likely conclude that there are other solutions to comply with working time registration that are just as effective, at the same or lower cost and less intrusive for workers.

It is true that we must differentiate the biometric reading systems used to authenticate the worker, using mathematical algorithms based on records that generate a code of points that serve to authenticate the person concerned, from systems that serve to irrefutably identify the person. The first case involves a lower risk to rights and freedoms in the event of a security breach. security breachHowever, if you want to identify the person, this means storing the biometric data (fingerprint, facial image, etc.) and in the event of a security breach it could cause serious damage to those affected, especially now that thanks to biometric data you can operate with your bank, make payments, etc.

However, the purpose for which these biometric systems are implemented is of crucial importance, since it is not the same to use these systems only for labor registration as it is to use them for, for example, access control to the data controller’s facilities and therefore, the restriction of unauthorized access to them and thereby ensure the security of goods and people.

All of this must be detailed in the Treatment Activities Register (RAT).ARP) and in the Impact Assessment (EIPD), Approve Security Measures as a result of the EIPD, among other requirements that the company must comply with and for this purpose it must rely on expert consultants in data protection, as is the case of Business Adapterwhere we will recommend the most appropriate for your case, avoiding the dreaded sanctions.

[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]We help you[/su_button]

Contact us, we will be pleased to help you.
error: Content is protected !!