Tensor designs, produces and installs a suite of products for time and attendance, access control, CCTV, visitor monitoring and HR. These products, both hardware and software, are designed to process employee data to streamline your processes, whether that be monitoring employee attendance, restricting access rights through your premises, or integrating with payroll systems.
Crucially, however, whilst Tensor's products are designed to collect and process this type of data, Tensor and Tensor's employees do not have access to it.
Any data collected by your Tensor systems stays with you unless you share or distribute it yourself — including any data you input manually, via automated integrations, or through Tensor's hardware such as clocking stations and biometric readers.
The collection and handling of this data falls under the remit of the UK data protection laws, as outlined in our blog about GDPR. While the blog focuses primarily on biometric data (such as from our facial and fingerprint authentication products), UK GDPR applies to anything considered personal data. This is data that can personally identify an individual, such as their name, IP address and biometric information.
The data protection laws relate to anyone who collects and processes personal data, including organisations based in the UK and that provide goods or services to customers in the UK.
This means that you are responsible for complying with the data protection laws for your data, its use and its storage. Depending on the setup of your business and the data handling structure, it is likely that you will fall into one of two groups: controllers and processors.
Controllers and processors
The UK GDPR outlines two key parties in the handling of personal data: controllers and processors.
Controllers decide what data to collect, how to collect it and what to do with it. They are ultimately in charge of and responsible for the data collection and processing. It is possible for controllers to share duties as joint controllers.
Processors act on behalf of the controller to process (do things with) the data.
In other words, if your business uses Tensor systems to collect and manage personal data, and keeps overall control of that data, including determining why, how and what it collects, it is considered a controller, and it must adhere to UK GDPR laws.
In addition to complying with GDPR laws, controller responsibilities include ensuring:
- individuals' rights for their data, including accessing, correcting and removing it
- the data is kept secure, both digitally and physically
- a legal contract has been signed with any processors involved and that they meet the GDPR requirements for processors
- any data breaches are reported to the appropriate authorities and affected individuals
- compliance with accountability obligations outlined in the UK GDPR
If the processing and handling of your data is outsourced to another company or organisation, they would then be considered a processor of that data.
Processors' regulations are less stringent than controllers', but include the following:
- processors can only use the data under the instruction of the controller
- a legally binding contract must exist between the controller and the processor
- sub-processors (further outsourcing) must not be used without the authorisation of the controller
- the data is kept secure, both digitally and physically
- any data breaches are reported to the appropriate authorities and affected individuals
- compliance with accountability obligations outlined in the UK GDPR
No matter whether your business is a controller or a processor, the responsibility of adhering to the GDPR laws is yours alone. Tensor does not hold any accountability for any of our customers' adherence to data protection laws, and is not associated with nor responsible for the data our customers' systems acquire and manage.
For more detailed information about the UK GDPR and data protection laws, visit the Information Commissioner's Office website.
If you are looking to implement a secure access control or time and attendance system, talk to our team today.