The Working Time Act: Here's Your Ultimate Guide to Time Tracking and GDPR Compliance

Published on:
June 19, 2024
|
Reading time:
5 min.
WRITTEN BY
Martin Folke Vasehus
CEO, Founder and attorney
TABLE OF CONTENTS

Want to know more about GDPR requirements?

Find everything you need in The Little Guide to GDPR—a straightforward breakdown of key obligations.

If you’re a Danish employer, you’re probably aware that July 1, 2024, is an important deadline: The Danish Working Time Act comes into force. And you’ve probably ended up here to learn more about it.

In this blog post, we’ll talk about the new rules on time tracking and the GDPR aspects, but also why tracking working hours can strengthen your competitiveness and your business.

  • What is the Working Time Act?
  • Who is covered by the Working Time Act?
  • What type of working hours must be registered?
  • How do you implement the ‘right’ system for tracking work hours?
  • What are your GDPR obligations?
  • Why is time tracking a win-win-win?

What is the Working Time Act?

The new Danish Working Hours Act comes into force on July 1, 2024, and requires all employees in Denmark to register their working hours.

The requirement stems from an EU judgment, which states that rules on a maximum 48-hour working week and rest periods can only be effectively enforced if employers make sure to register working hours.

Who is covered by the Working Time Act?

The rules of the Working Hours Act apply to all employees in Denmark except:

  • Self-employed persons
  • Self-organizers (employees with great freedom/flexibility in their work, e.g. employees in management positions)
  • Managing directors

What type of working hours must be registered?

The Working Time Act obliges you as an employer to have a system where your employees, as a minimum, can register:

  • Their total daily working hours
  • Deviations from the agreed working hours (between the employer and employee)

By that, your employees don’t need to register specific tasks or working hours.

How do you implement the 'right' system for tracking work hours?

Organizations must implement “an objective, reliable and accessible working time registration system.

If that definition turns you into a living question mark, we understand. Because what does it really mean?

If you ask us, it means that you meet the implementation requirement if you choose a supplier that specializes in time tracking – like TimeLog.

In addition, you should also:

  • Update GDPR processes
  • Create a time tracking policy, so it’s clear and documented that you have considered how your time tracking works


Therefore, it may be difficult for you to comply with these requirements if you use Excel for time tracking.

For example, it won’t be functional with a manual system as you can’t set up automatic deletion, you can’t extract customized reports, and you’ll struggle to protect your data properly.

Therefore, you’ll also struggle to comply with the GDPR requirements that we’ll give into now.

The Working Time Act through the lens of GDPR

To comply with the requirements of the Working Time Act, you need to register, store, and – not least – protect your employees’ data. Therefore, you are also obliged to ensure your compliance with the GDPR.

We’ve created this checklist to help you meet your GDPR obligations in the Working Time Act:

Privacy policy

It’s important that your company makes sure to update the employee privacy policy so that your employees are well-informed about:

  • The type of data being processed
  • The purpose of the processing
  • The legal basis for processing
  • The deletion of their data


If your organization doesn’t update your privacy policy and make the information available to your employees, this specific decision from the Danish DPA is an example of what the consequence might be:

Deletion policy

As an employer, you must ensure that data on working hours is stored for five years after the end of the period that forms the basis for calculating employees’ average weekly working hours.

In other words:

Five years plus four months.

You must also ensure that the data is automatically deleted after that period.

In addition, you must be able to give both current and former employees access to their data if they ask for it.

System supplier: Roles and agreements

If your organization uses a system supplier to record time, they are a data processor under the GDPR. Therefore, you must make a DPA (data processing agreement) and audit your supplier’s security.

You can do this through annual confirmations or by getting an audit report.

Risk assessment and data security

You should conduct a risk assessment to understand which and how many security measures you should implement to mitigate your risks.

If you want to learn more about how to do a GDPR risk assessment, you can dive into our step-by-step guide here.

Legal basis for processing

The legal basis for tracking and storing data on your employees’ working hours is Article 6(1)(c) in the GDPR, which is about legal obligation.

You shouldn’t have consent for this processing as it would be the wrong basis for processing.

Why is time tracking a win-win-win?

The Working Time Act and time tracking are beneficial for employees, managers, and the organization as a whole because:

1. Time tracking gives employees a clear overview of how they spend their time and whether it matches the expectations of their role. In this way, time tracking can help employees pinpoint workloads and inefficient processes. Time tracking also allows employees to see how they contribute to the success of other teams, for example.


2. Managers can use time tracking to get insights into project finances, resource allocation, and workloads of their employees. This can help them make better decisions and optimize work processes. We’ve also seen examples of managers using the data coming from time tracking as a basis for 1:1 conversations with their employees. For example, to coach them, help them prioritize their tasks, and ensure their personal development.

3. Time tracking is a strategic tool that you can use to analyze and optimize what your company spends time and money on. It can also help you identify the projects, customers, and employees that add the most value to your business.

It's time to track - and summarize

Like all new regulations, the Working Time Act and its GDPR obligations need your full attention.

But as always, we’d like to emphasize that compliance is not a ‘chore’, but a golden means to demonstrate your company’s compliance, make it attractive to the outside world, and gain significant business benefits.

Want to know more about GDPR requirements?

Find everything you need in The Little Guide to GDPR—a straightforward breakdown of key obligations.

Get the guide
Published:
June 19, 2024
Category:
GDPR