Aditech - Iris - EU GDPR decision

Iris Recognition Biometric Technology is the answer to EU GDPR requirements for Access Control or Time and Attendance

As part of the Brexit negotiations, the decision on the movement of personal data across the UK/EU border has once again raised the issue of where Time and Attendance or Access Control data is stored and processed. For UK businesses the GDPR rules have been a challenge and now with another potential barrier, could this cause even more grief?

The European Commission has recently published its draft UK adequacy decisions. If adopted these decisions will allow for continued free flow of personal data from the EU into the UK.

As well as its decision under the General Data Protection Regulation (GDPR), the EU also published another draft decision for personal data related to law enforcement.

The adequacy decisions are now with the European Data Protection Board (EDPB) who will deliver an opinion to the European Commission and representatives from the EU member states.

Aditech - ICODuring this process, UK businesses and public authorities will continue to be able to receive data from the EU under the adequacy bridge agreed in the 2020 trade and cooperation agreement. *

Information Commissioner, Elizabeth Denham said:

“The draft adequacy decisions are an important milestone in securing the continued frictionless data transfers from the EU to the UK”.

“Today’s announcement gets us a step closer to having a clear picture for organizations processing personal data from the EU and I welcome the progress that has been made.”

Over the coming months these decisions will become clearer and the potential ramifications for UK businesses who store or process personal data in the EU should be clarified.

Watch this space for News

Paul StanboroughPaul Stanborough, MD at Aditech Ltd. commented: “From an Iris Recognition perspective, identification data is not directly subject to GDPR requirements as there is no correlation between either the scanned data or the enrolled data and any personal data for the individual. This is generally handled locally by the host system.”

Adding “It is clear that this decision may have serious implications for multi-national companies who insist on storing or processing data from UK systems at their EU headquarters, but let’s hope that common sense prevails and the free flow of data is assured.”

*Source: ICO (Information Commissioners Office)

For further details contact Paul Stanborough, Managing Director Aditech Limited.
Tel: +44 (0)1296 398085 – Email:

Download a PDF version of this article

Leave a Comment

Your email address will not be published. Required fields are marked *

Get In Touch
close slider

    Your Name

    Your Email

    Tel. No

    Your Message

    Scroll to Top