The General Data Protection Regulation (GDPR), implemented by the European Union in 2018, revolutionized how companies must handle personal data. Designed to protect the privacy of individuals, the GDPR introduced stringent rules around how personal data is processed, stored, and deleted. Employee data, including their portraits, falls under the scope of these regulations.

Employee portraits, though often viewed as a benign aspect of corporate life, represent personal data and require careful management to ensure compliance with GDPR. As employees expect their images to be securely handled, companies must adopt GDPR-compliant solutions to protect these sensitive data elements.

GDPR compliance in the portrait workflow

Employee portraits, as visual representations of individuals, are protected under GDPR as personal data. For large organizations with hundreds or even thousands of employees, these images are stored, updated, and used across multiple platforms for identification and communication purposes. Whether they are used in internal systems like HR platforms or externally on corporate websites and press materials, the handling of these portraits requires GDPR-compliant workflows.

Every step of handling an employee’s portrait, from initial capture to storage and deletion, must adhere to GDPR. This includes gaining consent from the employee, securely storing their image, and ensuring it is deleted when it is no longer necessary. Companies that use Eikonice to streamline this process benefit from automation, as these platforms eliminate manual processes and reduce the risk of non-compliance.

Portrait handling should be part of the HR policy

In large enterprises, integrating the handling of employee portraits into HR policies is essential for maintaining GDPR compliance. With employees regularly joining and leaving the company, the sheer volume of images can be overwhelming without the right systems in place. And this is where Eikonice becomes invaluable and secure automating the collection, management, and deletion of portraits. We ensure the company stays compliant with GDPR while significantly reducing administrative burdens, handling the many different processes.

Transparent policies around employee portraits not only protect companies from GDPR breaches but also positively impact employee satisfaction. Employees are more likely to trust their employer if they know that personal data, including their images, is handled securely and ethically correct. This, in turn, fosters a workplace culture that respects privacy and can even contribute to higher retention rates.

GDPR best practices, step by step

Obtaining explicit consent from employees is the first step in any GDPR-compliant portrait handling process. Employees must be informed about how their images will be used, and they should have the ability to withdraw consent at any time. Companies should ensure that this process is automated and recorded, providing clear audit trails.

Once employee portraits are captured, they need to be stored securely. This includes encrypting images and limiting access to authorized personnel only. Cloud-based solutions like Eikonice offer secure storage options that comply with GDPR, ensuring data is both protected and easily manageable.

Further, GDPR mandates that personal data, including employee portraits, must be deleted when it is no longer necessary. Eikonice includes an automated deletion process that secure compliance by removing portraits when employees leave the company or when consent is withdrawn.

Include the impact of the EU artificial intelligence act

The EU Artificial Intelligence Act (AI act) is an upcoming regulation that seeks to ensure the safe, transparent, and ethical use of AI systems across the EU. Just as the GDPR governs personal data, the AI act will regulate AI systems, particularly those deemed high-risk, including those that process personal data, such as employee portraits.

AI-powered tools like Eikonice’s platform, which automate the handling of employee portraits, will fall under the scope of the AI act. High-risk AI systems will be subject to strict rules around transparency, fairness, and oversight, ensuring that AI is used responsibly. For companies relying on AI solutions, ensuring compliance with both GDPR and the AI act will be essential to avoid penalties.

The role of Eikonice in GDPR and the AI act compliance

The AI act will require companies to ensure that AI systems managing personal data are transparent and explainable, with human oversight to prevent errors or misuse. Solutions like Eikonice’s platform will need to demonstrate compliance with these new standards, ensuring AI-driven processes are not only efficient but also trustworthy.

Eikonice is at the forefront of helping businesses navigate both GDPR and the upcoming AI act regulations. By automating the entire employee portrait workflow, from planning to storage, Eikonice ensures full GDPR compliance while reducing costs and human error. The platform also prepares companies for AI act compliance by offering transparent, explainable AI processes with built-in privacy protections.

As the landscape of data privacy evolves, companies must take proactive steps to ensure compliance with both GDPR and the forthcoming AI act. By adopting best practices and leveraging AI-powered tools like Eikonice, businesses can streamline their portrait workflows, protect employee privacy, and avoid costly non-compliance penalties.

4 års kamp med Skattestyrelsen er afsluttet for den danske virksomhed, Eikonice, der har vundet en betydningsfuld sag i Landsskatteretten vedrørende skattekreditordningen.

Virksomheden anmodede for skatteårene 2016-2018 om refusion af omkostninger efter skattekreditordningen som led i udvikling af et IT-system til billedbehandling baseret på AI. Efter modtagelse af ansøgningen for 2018 indledte Skattestyrelsen en undersøgelse af Eikonice og afviste anvendelse af ordningen for alle tre år; og Eikonice stod derfor for at betale alle udbetalte beløb tilbage med tillæg af renter.

Eikonice klagede over afgørelsen og efter et overordentligt komplekst og langstrakt forløb har Landsskatteretten nu – 4 år efter klagetidspunktet og 8 år efter det første relevante indkomstår – givet Eikonice fuldt medhold i sagen og derved tilsidesat Skattestyrelsens afgørelse.

Eikonices administrerende direktør og grundlægger, Jørgen Bødker, udtaler:

“Det handler om, at SKAT ønsker at etablere præcedens, men for os som start-up handler det om, at vi mister tid og fokus, hvilket er det mest dyrebare for iværksættere. I dag har vi vundet, og det er selvfølgelig en god følelse, men jeg kan ikke lade være med at tænke på, hvor meget længere vi kunne være nået, hvis vi havde brugt vores tid og penge på udvikling af Eikonice. Fakta er, at denne sag har forhindret os i at starte en scale-up proces og at SKAT har gjort det umuligt for os at udvikle vores markedspotentiale de sidste 4 år.”

En berygtet skattefælde

Skattekreditordningen blev indført med virkning fra 2012 med det formål at sikre danske virksomheders investering i forskning og udvikling for dermed øge den danske konkurrenceevne. Kreditten udbetales til underskudsgivende virksomheder og har derfor en væsentlig likviditetsmæssig betydning for start-ups og vækstvirksomheder.

Tusindvis af danske virksomheder har investeret i udvikling i forventning om udnyttelse af ordningen. Skattestyrelsen har imidlertid håndteret reglerne meget restriktivt, hvilket har givet anledning til omfattende kritik. Flere organisationer og rådgivere har anbefalet virksomhederne direkte at undlade at anvende skattekreditordningen på grund af den medfølgende usikkerhed og meget restriktive tolkning.

Netop de virksomheder, som har gjort brug af skattekreditordningen, er i en særligt udsat økonomisk fase, og bliver derfor ramt ekstra hårdt, når de flere år efter mødes med tilbagebetalingskrav fra Skattestyrelsen og mange virksomheder opfatter tilbagebetalingskravene som dybt urimelige.

Claus Pilgård, advokat hos Nielsen Nørager Advokatpartnerselskab, har bistået Eikonice klagesagen ved Landsskatteretten. Om udfordringerne for de enkelte virksomheder fortæller han:

”Det er tilnærmelsesvist umuligt for softwareudviklerne at dokumentere, at udviklingen kan karakteriseres som ’forsøg- og forskning’. Og det blev kun sværere efter at Østre Landsret i september sidste år tilsidesatte en tidligere lempelig fortolkning, som Landsskatteretten i enkelte tilfælde havde anlagt i relation til softwareudvikling. Det var derfor med stor glæde, vi fik nyheden om, at Landsskatteretten gav Eikonice fuldt medhold, særligt fordi Landsskatteretten er enige med os i, at det ikke bare er Eikonices teknologiudvikling – men også Eikonines videreudvikling af en standard webshop – som kan være omfattet af ordningen.”