Following an anonymous tip, the (Dutch) Personal Data Authority (AP) imposed a fine of € 725,000 on an unknown company. The company required employees to register fingerprints in order to register working hours. This is a violation of the General Data Protection Regulation (GDPR), according to the AP.
A fingerprint is a special categorie of data. A company may only use special personal data if permitted by the GDPR. Fingerprints are extra protected by law in order to prevent blackmail and identity fraud. The court has ruled that the company may not be made public.
Do you have questions about the GDPR or do you have other privacy related questions? Feel free to contact Arsen Mukuchian.
Source: Personal Data Authority