Companies must ensure that all workers, regardless of their size or sector, are required to record their working hours. Teleworkers must also record their daily working time.
Teleworking, the growth of remote clocking-in systems and the trend towards more flexible working hours have driven the evolution of labour regulations in recent years.
If the company has legal employee representatives, it must provide them with personal data linked to the time recording. The Supreme Court has ruled that sharing this data with the representatives does not violate data protection regulations, so no express authorisation from the workers is required.
Mandatory digital clocking is becoming more and more imminent, especially after the recent approval of the draft law to reduce the working day to 37.5 hours and make digital clocking mandatory. From the middle of this year, companies will have to ensure compliance with this reduced working day and adapt to more demanding regulations that require more precise and digitalised timekeeping.
The Spanish Data Protection Agency considers that current legislation does not justify enough the use of biometric systems in the recording of working hours. The Agency explains that fingerprints or facial recognition, when associated with a numerical code of an employee, are biometric data of a personal nature, as they allow a person to be uniquely identified.
Therefore, biometric data used for the control of working time are considered to be of a special category. For their correct processing, a Data Protection Impact Assessment should be carried out.
Traditional methods, such as Excel spreadsheets, will no longer be sufficient to comply with regulations. For this reason, companies will have to implement more advanced technologies to ensure greater accuracy, traceability and authenticity of clocking-in data.
In addition, the new regulation will toughen sanctions in the case of incorrect time recording, with fines for each worker affected rather than a single sanction for the company.