My swipe card. Disciplinary procedures and GDPR

In writing this post, am writing my own comment, based on reference to a recent case study by the Data Protection Commissioner. 

We all know what a swipe card is in employment. You swipe it usually to clock in or out, and sometimes as part of security. To gain or restrict access to parts of the property.

Can data from it be used in Disciplinary proceedings ?

First of all, lets get a few things straight. It's not your swipe card. The card usually remains the property of the employer. Is only provided to you for use in your employment.

Data from it about the employee belongs to the employee. The employee consents to their data being used for the purpose of fulfilling their employment.

Fairness and transparency are a principle of GDPR. Article 5.

Meaning that an employee has to be aware of what you are using their data for. So if you are going to use swipe card data for timekeeping or disciplinary purposes, which may seem to a lot of people, obvious purpose and use of it.  Then the employee should be informed before you collect the data, that you are intending to use it for this purpose. 

Obvious and ideal methods may be the employees contract of employment or your company handbook.

So what, if you as an employer do not inform beforehand. A disciplinary process can fail and an employee can make a complaint to the Data Protection Commissioner. 

If you have dismissed the employee, they may have a strong case for Unfair Dismissal.