The decision by the Federal Labor Court in September 2022 that the working hours of all employees in a company had to be documented was already on the horizon: In April 2023, the Federal Ministry of Labor and Social Affairs drafted a law making the daily electronic recording of working hours mandatory. This law is due to come into force in 2023. As a result, time recording and data protection are more closely linked than ever.
The biggest challenges in working time recording and data protection
Digital time recording via software on a PC, via chip or card or via an app on a smartphone has a number of advantages. Traceable time recording down to the minute provides employers and employees with the same information. The effort involved is low, as no subsequent processing of the results is necessary. Digital time recording systems such as timeCard are directly linked to the accounting system. Many processes are automated.
However, the concern remains that electronic time recording is not secure in terms of data protection. There is one question in particular: is working time considered personal data?
The General Data Protection Regulation (GDPR) focuses on the protection of personal data. Accordingly, clear legal regulations must be observed for this data.
Personal data is any data that relates to an identified or identifiable natural person. According to the European Court of Justice (ECJ), personal data includes recorded working hours with details of the start and end times of work.
The digital recording of employees’ working hours is therefore subject to data protection. This means that the requirements of the GDPR apply to all data collected as part of time recording in the company.
Recorded data could theoretically be misused to monitor the working behavior of employees. Hacker attacks are also possible.
This would have far-reaching consequences, especially if the company’s working time recording system is linked to employees’ biometric features. For example, fingerprints or eye scans. The wrong hands could use this data to cause great harm.
Biometric features are subject to additional regulations and are considered particularly sensitive personal data. It is therefore decided on a case-by-case basis whether it is appropriate to use them at all. For example, it is rather pointless to use biometric features for time recording in the construction industry. Access to a laboratory with deadly viruses, on the other hand, justifies this system.
The requirements for digital working time recording
Although the law has not yet been finalized and changes are still possible, it is already fairly clear what requirements employers and employees will have to meet for working time recording in 2023.
Electronic time recording means that an electronic time recording system must be used and the recorded working times must be processed with a spreadsheet program.
The mandatory information includes the start, end and duration of working hours each day.
Employers or supervisors may record working time for employees. However, employees may also record their own working time.
Employees have the right to information on the recorded working time. For example, they can request a copy of the records.
There will be certain retention periods for the records, depending on the employment relationship. Two years is the maximum.
As soon as the new Working Hours Act comes into force (we will keep you informed), companies will still have a little time to implement the new requirements:
- Companies with more than 250 employees have one year
- For companies with fewer than 250 employees but more than 50 employees, a period of two years applies
- Companies with fewer than 50 employees can take five years to implement the new Working Hours Act
Conclusion
Time recording and data protection will go hand in hand in future. The requirements of the GDPR must be complied with for personal data when recording working hours. For many companies, there will also be a changeover, as it may be necessary to switch to modern working time recording systems using software or apps. Time recording systems such as timeCard already automatically protect the data as well as possible, but a high degree of caution must also be exercised when continuing to use personal data. The retention periods of the relevant documents require that these are also stored securely.