GDPR Data processing modelAccess control by biometric authentication in the workplace
By: Ludwig KarnethPurposes (2)
A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable
Data categories (3)
Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)
Data generated by the device: logging access to work tools
Data details
Data conservation rules
Active base:
The access logging data produced by the biometric device cannot be stored in the active database for more than six months from the date of registration. This does not, however, prevent them from being kept in an intermediate archive separate from the active database, with restricted access, insofar as there are specific legislative or regulatory provisions, or if these data would be of interest in the event of litigation, justifying keeping them for the duration of the applicable prescription/forclusion rules.
Data generated by the device: premises access logging
Data details
Data conservation rules
Active base:
The access logging data produced by the biometric device cannot be stored in the active database for more than six months from the date of registration. This does not, however, prevent them from being kept in an intermediate archive separate from the active database, with restricted access, insofar as there are specific legislative or regulatory provisions, or if these data would be of interest in the event of litigation, justifying keeping them for the duration of the applicable prescription/forclusion rules.
Data entered by the employer or its agents
Data details
Definition
Photo, audio recording, etc.
Definition
Photograph including the person's face
Definition
Name of the person
Data conservation rules
Active base:
Raw recordings (photo, audio recording, etc.) of the biometric feature can only be processed for the time required to calculate the template(s): they cannot therefore be stored.derived biometric data can only be stored in the form of encrypted templates that do not allow the original biometric feature to be recalculated. They may only be kept for as long as the person concerned has been authorized, and must be deleted if authorizations are withdrawn or if the person concerned ceases to work for the employing organization
Destruction
Data subject (1)
A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process
- Employees
Attribution / Pas d'utilisation commerciale
CC-BY-NC