It was reported today that the Dutch Data Protection Authority (AP) has issued a fine of 725,000 euros to an unspecified company for violating the GDPR. The company in question failed to follow multiple GDPR guidelines for processing employees’ fingerprints.
No consent from employees
Employees indicated they were surprised to learn they were required to provide the company with a finger scan. Moreover, due to a lack of informative procedures, it was not clear to the employees what the consequences would be if they refused to do so. In this situation, the employees were not given the opportunity to explicitly grant permission. Some employees mentioned to the AP that they considered the scan to be obligatory.
Dyflexis advice
In November 2019 we sent out a newsletter to our customers, informing you on the DPIA list (Data Protection Impact Assessment) of the Dutch Data Protection Authority. Included in this newsletter was our advice on how employers should process finger scans. In response to the report mentioned above, we would like to draw your attention back to this advice.
Let employees decide
Dyflexis would like to emphasize once again that the GDPR stipulates that you cannot ask employees for a finger scan. We advise our customers to leave the decision on whether personnel would like to make use of a finger scan, card or tag entirely up to the employees. Don’t ask the employee if they want to clock in or out with their finger. Instead ask them which method for clocking in and out they prefer. In addition, you can via the Settings page in the Dyflexis system activate a feature so that when the employee logs in again, a prompt will appear asking them to choose if they want to use a finger scan or not.
Provide a card or tag first
You can even go a step further by giving all employees a card or tag by default and then offering the finger scan as an extra option. This way you emphasize that the choice for a finger scan is absolutely not an obligation, which assures the employee that no pressure is put on them to use the scan. Our experience tells us that many employees will ultimately choose a finger scan, because it saves an extra key ring (tag) or card in the wallet.
You can contact Dyflexis to order more cards and tags. The prices are € 2.50 per card and € 3.50 per tag (minimum 10 tags). You can email your order to support@dyflexis.com.
Alternative: New Rex-O-Matic NOA
We’ll be launching our new Rex-O-Matic NOA next month. The Rex-O-Matic NOA enables employees to clock in and out with personal cards such as an OV chip card and bank card. This offers the benefit of being a personal approach that doesn’t require privacy-sensitive information.
For our existing customers we have a trade-in promotion that lets you purchase the NOA at a discount. Ask your account manager for the terms and conditions or send an email to info@dyflexis.com.
