Notifying the data subject about the processing of biometric data and about his rights in this respect, appropriate authorization of persons who process biometric data of employees with an indication of the scope of personal data, an obligation to maintain confidentiality, possibly signing appropriate entrustment agreements in a situation where access to the data is grantd to an external entity.
Indicate the information obligation
An external company providing HR services, conducting a risk analysis, and if necessary – an assessment of the effects of processing database for the protection of personal data. Importantly, the processing of biometric data solely for the purpose of identifying a natural person or for access control has been recognizd by the President of the Office for Personal Data Protection as one of the cases when it is necessary to carry out a data protection impact assessment. ensuring an appropriate level of security of the processd data, both physical, legal, organizational and technical.
Described in the regulations let us
Consequences of unlawful processing of biometric data. An employer who does not respect the law, including the. GDPR and the Marketing List Labor Code with regard to. The processing of employees’ biometric data. Is exposd to the consequences of an administrative penalty. The initiation and conduct of civil and criminal. Procedings, as well as the possibility of the employee filing. A complaint with the National Labor Inspectorate or a lawsuit in court work.