Since the publication of Royal Decree-Law 8/2019, of March 8, on urgent measures for social protection and the fight against job insecurity during the working day, companies are obliged to record the daily hours of workers who carry out their work. activity in the company's workplace as well as those who, due to the characteristics of their functions, are more “mobile” such as salespeople or remote workers.

Forms of recording working hours

Among the ways we find to record the day are the paper registration, through signing in, through mobile devices and through biometric registration.

We will focus on the latter, the registration of the day through biometric data registration, data that is considered sensitive data by the General Data Protection Regulation. Unlike a password or PIN, biometric data reveals more personal information about the person who is identified. Furthermore, the GDPR in its article 9 establishes that “The processing of personal data is prohibited…. and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data relating to health or data relating to the sexual life or sexual orientation of a natural person.”

What is biometric data?

ButWhat is biometric data? Biometric data are personal data, whether physiological, physical or behavioral, that enable the identification of a person, such as fingerprints, iris or specific features of the face, among others.

Given the importance of these data, the GDPR The use of biometric systems requires an impact evaluation, due to the nature of the treatment itself. Therefore we must necessarily determine security measures aimed at avoiding data leaks that could expose information of the interested parties.

The legal legitimacy for the processing of these data by the company is found in the labor power of the execution of the contract that is included in articles 20 and 34 of the status of workers and that requires the employer to guarantee the registration of the working day.

However, although the employer is not obliged to obtain consent from the worker, he must in any case inform about the treatment and purposes of this time control.

In conclusion, analyzed the importance of biometric data, we realize that Its value lies in preserving our identity, so all legal requirements must be scrupulously observed in its collection and treatment.

If this entry has been of interest to you, we recommend that you specialize in it through the indispensable Master in Compliance & Data Protection Management of the EIP International Business School.

Subscribe to our newsletter to stay up to date with all the news

Name and surname *

Email *

*I give my express consent and accept the Privacy Policy.

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad