Employees using their fingerprints to register hours. It sounds like an invasion of employee privacy, but is this true in all cases? In December 2019, a company was fined 725,000 euros by the Dutch Data Protection Authority for this particular way of time registration. The company had not specifically asked its employees for permission and also used their fingerprints for a non-necessary purpose. For this company, it may have been a practical way to register employees' hours, but unfortunately it violated privacy laws.
Biometric data such as fingerprints are unique characteristics of people and with that you can therefore determine someone's identity with great certainty. In addition, clocking in and out always works, after all, you always have your fingers 'with you'. This may not be the case tags and badges; employees can forget or lose them. These considerations have undoubtedly played a role in the company opting for the use of fingerprints in their time registration. Unfortunately, this was not a good move. To prevent you as a business owner from ending up in the same situation, there are a number of important points. The first point is the GDPR. Make sure that you as an entrepreneur meet the requirements of this legislation. As an entrepreneur, you may collect personal data, but preferably as little as possible and only if the goal is justified. Your employees need to be aware of what data is collected (in this case fingerprints) and for what purpose the data is collected. Secondly, it is important to discuss the way of clocking in and out with your employees. What do they find a good way of recording hours? Talking to your employees about these kinds of topics can prevent hassle afterwards and also ensures more transparency within your company about the background of decisions taken. What does a secure way of recording time look like?
A safe way to register time is to clock in and out with a tag or a badge. An example of this is Shiftbase's software. With this software you can let your employees choose the way they want to clock in and out. They can use a company tag, but also their own debit card or public transport card. Do you still want to use the fingerprint, but comply with GDPR legislation? Then Shiftbase is also the right choice! Scanning a finger is possible, but the scan is stored in a terminal (from Datafox) and Shiftbase only gets the finger scan as an employee number. In this way, the fingerprint is not available to the employer or the software manufacturer. So completely 'GDPR-proof'! With Shiftbase, you as an entrepreneur can therefore apply a very practical way of clocking in and out without risking a sky-high fine.