Blog » DON’T BE A COPYCAT! DON’T COPY THE ID CARDS OF YOUR EMPLOYEES UNDER GDPR!
DON’T BE A COPYCAT! DON’T COPY THE ID CARDS OF YOUR EMPLOYEES UNDER GDPR!
24 October 2018
During our GDPR compliance projects I often hear from clients that they copy or scan the identity cards of their employees. It may not be my most thrilling article, but I find it important to clarify once and for all that is a bad practice as it is against the GDPR and the recommendations of the Hungarian Data Protection Authority. Below I shortly explain you why copying ID cards is problematic and what you should do instead.
Why do clients copy?
The most common case of copying ID cards is when hiring new employees. Even though the employees need to fill out a data sheet, they are often requested to send their ID cards before the signature of the labour contract.
The HR colleagues almost always tell me that the reason for this is that they need to register the employee at the tax authority before their starting date.
If the data provided by the employee is inaccurate, the employer is not able to make the registration and may face fines. Requesting the copy of ID cards and other documents, like tax cards or social security card allows HR colleagues to check the accuracy of the data and make the registration correctly.
Why is copying not GDPR compliant?
At a starting point, a valid ID card is an authentic instrument and the data contained by it shall be accepted as true and accurate. Nevertheless, the copy made of the ID card by the employer does not have an evidential value, as it is not a certified true copy and is not appropriate to establish the identity of a person.
Thus, a “simple” copy made by the employer cannot prove the accuracy of the data contained by the ID card. Hence, copying the ID cards and storing the copies is not necessary as it cannot fulfil the purpose specified by the employer, briefly said it is against the principle of the purpose limitation.
In addition, the ID cards contain the photo of the employee and other data which may not be necessary for the reporting. Therefore, copying of the ID cards is against the principle data minimisation, too.
Last but not least, imagine the risk that the stealing of the copies could cause to the employees…
What you should do instead of copying?
It seems quite obvious, but instead of copying you can request your employee to show his ID card when you sign the labour contract and you can compare it with the data provided in the data sheet and check whether the latter is correct.
When I tell this to the HR colleagues of the clients, I usually receive two objections. On the one hand, they say that this is not feasible as the reporting of the employee to the tax authority shall happen before the starting day of the employee, while signature of the labour contract happens only on the first working days.
The second one is: what if the HR colleague has a bad day, does not recognize the error when she checks the data and the mistake only emerges only at the reporting when it cannot be solved anymore.
I have a solution for the above problems: you need to review and slightly amend your onboarding procedure.
If you sign the labour contract with your employee before his starting date you can carry out the data check at this time and can make the reporting to the tax authority as usual.
When signing the labour contract, in line with the ‘four-eyes’ principle, you can instruct a second colleague to check the ID card and to confirm the accuracy of the recorded data.
I know that this might need extra effort or resources but in a recent recommendation, the Data Protection Authority made it clear that the aspects of convenience or faster administration cannot justify the copying of ID cards.
To summarize the above instead of copying your employees’ ID cards for certain reasons you should only request them to show their ID cards and compare it with your records. By doing so, you can remain GDPR compliant and avoid the possibility of a data protection fine for unlawful data processing.
IS THE JUDGE BIASED BECAUSE OF UNFAVOURABLE JUDGMENT IN OTHER CASE?
Can a judge be disqualified from deciding the legal dispute on the grounds of bias if he has delivered a judgment unfavourable to the plaintiff in another case? Can a court be biased if the plaintiff has "challenged" a previous decision of the court before the European Court of Human Rights? In this article, we answer these questions by analysing a recent judgment of the Hungarian Supreme Court.Read more »
CAN INCOMPATIBLE WORKPLACE BEHAVIOUR BE A GROUND FOR DISMISSAL IN HUNGARY?
Refusal of employer 's instructions, unjustified absence, intentional damage: some cases where the justification for dismissing an employee is relatively easy to determine. What happens, however, if the employee does not commit a severe breach of duty similar to the one above, but his or her colleagues consider him incompatible, with whom it is impossible to cooperate, or even afraid of him or her. Can dismissal be justified by behaviour that is incompatible with others and creates disharmony in the working environment? In our article, we seek the answer to this question in the light of Hungarian judicial practice.Read more »
CAN A JUDICIAL ERROR CREATE HUNGARIAN JURISDICTION DESPITE A PLACE OF PERFORMANCE ABROAD?
Can a defendant, domiciled abroad, be sued in Hungary under the Brussels I Regulation in the event of defective performance of an international sales contract if the place of performance is abroad? Can the jurisdiction of a Hungarian court be established based on the fact that the lower court expressly established its jurisdiction at the beginning of the litigation? How is the EXW clause to be interpreted within the meaning of the Brussels I Regulation? In our article, we analyse the recent decision of the Supreme Court of Hungary.Read more »