Let's start at the beginning: the definition of biometrics. It is, literally, the measurement of an individual's personal characteristics.
Biometric authentication, the subject of this article, measures appearance: you are identified via a face scan or your fingerprints.
Companies can use biometrics for a variety of purposes: recording time, controlling access, logging into a computer or simply identifying a person. Think of the double-check in your banking application, for example.
At first glance, this is very convenient: you always have your face and hands with you, so you can't forget them at home or in your car.
The icing on the cake is that a person's fingerprints are unique and therefore non-transferable. But since the GDPR legislation came into force, biometric data has become sensitive information.
What do you need to consider when using biometrics in your company? Why implement it? What would be the benefits? These questions will be answered in this brand-new blog post.
Let's start with the most important thing: no, fingerprints are not stored at all. A fingerprint is converted into a simple series of dots (also called a template), which in turn translates into a series of 0s and 1s. This "template" is analysed and allows you to be identified. It is absolutely impossible to reconstruct a fingerprint on the basis of its template alone.
This is because each reading technology stores its fingerprint templates differently, so they are not interchangeable. And this is what guarantees data security! When data is exchanged anyway (e.g. for salary processing), it is always done via a secure line (HTTPS) or via a local network.
The employer (who is also the data controller) is obliged to actively and transparently inform its employees and to ask for their explicit consent to process their biometric data.
As a company, you therefore cannot assume that biometrics will be used by your entire staff. So you still need to provide badges or access hardware as an alternative.
The privacy of employees is also protected by GDPR legislation. This assumes that the controller has a legitimate reason for using the personal data.
In other words, the employer must be able to justify why it has biometric access control to premises and/or computers. It is therefore a decision that cannot be taken lightly.
Not necessarily, but it does have several relatively attractive advantages:
- A real convenience for its users: the risk of forgetting one's head or hands remains very low.
- Maximised security, because it is practically impossible to falsify. No more risk of losing your access badge or having it stolen.
- Time savings, because you don't have to worry about remembering or resetting passwords.
To further maximise security, "double authentication" is possible: identification by biometrics, followed by verification by badge or PIN code.
Of course, this is also perfectly possible in reverse order. This is an additional security mechanism that also contributes to the accuracy of data processing.
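The template idea and the "double authentication" flow described above, sketched as an added example that is not from the original post or from any vendor's product. It assumes a simplified, hypothetical template format (each dot stored as x, y and ridge angle), and all names, sample scans, tolerances and the threshold are constructed for illustration.

```python
import hashlib, hmac, math, struct

# Constructed sample scans: each dot (minutia) is (x, y, ridge angle in degrees).
ENROLLED_SCAN = [(12, 40, 90), (55, 23, 45), (80, 77, 180), (33, 60, 270), (70, 15, 135)]
SAME_FINGER = [(13, 41, 92), (54, 22, 47), (81, 76, 178), (34, 61, 268), (90, 90, 10)]
OTHER_FINGER = [(5, 5, 0), (20, 70, 200), (60, 50, 300), (95, 10, 60), (40, 90, 120)]

def to_template(minutiae):
    """Pack the dots into bytes: the stored 'series of 0s and 1s' (hypothetical format)."""
    return b"".join(struct.pack("<HHH", x, y, a) for x, y, a in minutiae)

def from_template(blob):
    """Unpack a template back into its list of dots for matching."""
    return [struct.unpack_from("<HHH", blob, i) for i in range(0, len(blob), 6)]

def match_score(stored, probe, dist_tol=3.0, angle_tol=10):
    """Fraction of stored dots with an unused probe dot nearby and a similar angle.
    Two scans of one finger never line up exactly, hence the tolerances."""
    ref, cand = from_template(stored), from_template(probe)
    used, hits = set(), 0
    for x, y, a in ref:
        for i, (px, py, pa) in enumerate(cand):
            if i in used:
                continue
            d_angle = abs(a - pa) % 360
            d_angle = min(d_angle, 360 - d_angle)
            if math.hypot(x - px, y - py) <= dist_tol and d_angle <= angle_tol:
                used.add(i)
                hits += 1
                break
    return hits / len(ref) if ref else 0.0

def hash_pin(pin, salt):
    """Store only a salted, slow hash of the PIN, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def authenticate(stored_template, probe_scan, pin, pin_salt, pin_hash, threshold=0.6):
    """Double authentication: biometric match first, then PIN verification."""
    if match_score(stored_template, to_template(probe_scan)) < threshold:
        return False
    # Constant-time comparison avoids leaking how much of the hash matched.
    return hmac.compare_digest(hash_pin(pin, pin_salt), pin_hash)
```

Swapping the two checks inside `authenticate` gives the reverse order mentioned above; access is granted only when both factors pass.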