
GDPR & CH-DSG compliant: process employee photos and ID photos securely

Lawfulness, purpose limitation, transparency, data minimization and security. Anyone who collects and stores employee photos must inform the data subjects, obtain their consent (if necessary) and take technical and organizational measures to protect the data.

Capturing employee photos is part of everyday life in many companies - whether for ID cards, access badges or intranet profiles. One thing is clear: wherever personal data is processed, data protection is paramount. The requirements of the European General Data Protection Regulation (GDPR) and the revised Swiss Data Protection Act (CH-DSG) apply equally - and they affect every company that stores, processes or passes on personal photos.

What to consider in terms of data protection law when taking ID photos

An employee photo is more than just a picture - it is sensitive, personal data. Therefore, the principles of data processing also apply here: lawfulness, purpose limitation, transparency, data minimization and security. Anyone who collects and stores employee photos must inform the data subjects, obtain their consent (if required) and take technical and organizational measures to protect the data.

Companies that violate these obligations not only risk fines, but also reputational damage. It is therefore crucial to use a solution that meets all the requirements of the GDPR and the CH-DSG.

On the safe side with Photo Collect

Photo Collect is a Swiss software solution for the standardized capturing and processing of employee and ID photos. The platform is fully GDPR and CH-DSG compliant and has been designed for company-wide use - whether by public authorities, corporations or SMEs.

The platform enables photo capture via various channels: via a personalized upload link by email or SMS, via the mobile app, at a self-service kiosk or directly via an API interface. No matter which channel is used, data protection is guaranteed throughout.

Technical and organizational measures (TOMs)

Photo Collect stores all data in an ISO 27001 and FINMA data center in Switzerland. Each customer is represented by its own, logically separate instance (multi-client capability), ensuring strict data separation.

Other security features include:

  • TLS 1.3 encryption for all data transmissions
  • Pseudonymization of the photos (no real names, but unique IDs)
  • 2-factor authentication for access to the platform
  • Automatic data deletion after export or after a maximum of 90 days
  • Logging & auditing of all processing steps for full transparency

Support with consent and data subject rights

Photo Collect also makes it easier for companies to obtain legally compliant consent. The upload interface can be customized with individual data protection texts and information on data processing. The system also supports processes for exercising the rights of data subjects, such as requests for information or deletion.

Anyone who collects employee photos for ID cards or other applications today needs more than just a camera - they need a data protection-compliant, reliable solution for processing the images taken. Photo Collect offers exactly that: a legally compliant, highly secure and scalable platform for capturing and processing ID card photos. This means that companies not only meet the legal requirements - they also send a clear signal for data protection and quality.
