Fingerprint GDPR

Biometric data and GDPR Guidelines

The answer in most cases is going to be no.

Fingerprint data is biometric data and biometric data has been classified by GPDR as special category personal data that is subject to far stricter rules. Special category data is more sensitive than standard personal data and as a result very much warrants additional protection. Breaches of fingerprint data could lead to identity theft and serious damage to the individual’s freedoms and rights.

Fingerprint GDPR – GPDR requirements on consent for special category data

So you should only use biometric data if the same outcome can not be achieved with any less sensitive data. Time registration can easily be achieved by other means so you should use other means. Even if you have written consent from your staff to use their biometric data for time registration it is unlikely to hold up as GPDR requires consent for special category data to be explicit and freely given (and revoked), the latter is often deemed not to be the case for employees.


Stay updated with new GDPR related changes and requirements. Check our Free GDPR templates and GDPR Privacy Policy Generator.