The Spanish Agency for Data Protection has published a Guide to Treatments for the control of presence by means of biometric systems in which set the criteria for the use of biometrics in access control both in the workplace and non-work, establishing the measures that must be taken into account because a treatment of personal data that uses this technology complies with the General Regulation of Data Protection (RGPD) and other applicable rules.
The AEPD is considered the treatment of biometrics, both for identification and as for authentication, such as high-risk because they include categories of special data, and that for this kind of treatment is not valid simply the consent of the interested party.
As it is established in the RGPD, to be able to treat these categories is necessary for the existence of a circumstance that raises the prohibition of its treatment and, in addition, a condition that legitimises.
Download our circular to find out how it affects the workplace and non-work this Guide published by the AEPD in respect of the use of biometrics in access control.
