How to reduce time theft without becoming a surveillance company
Buddy punching costs ~2.2% of payroll. Constant monitoring costs trust, retention, and culture. Here's how to address one without sacrificing the other.
- hours24 team
Time theft is real - APA data shows 43% of hourly employees admit to it, and buddy punching alone costs 2.2% of payroll. But the response can be worse than the problem. Keystroke loggers, mandatory always-on webcams, location tracking off the clock - these solve €25,000/year of leakage by destroying the trust that keeps people from leaving.
Here's the line we draw in our own product, and the playbook we recommend to customers.
Do: stop buddy punching at the door
Fingerprint, facial recognition, or RFID for clock-in - these prevent the most common form of time theft (Mary clocking in for Bob). They're a one-time gate, not ongoing surveillance, and they're proportionate to the risk.
Do: geofence the jobsite, not the person
GPS confirming you're at the warehouse when you clocked in is fine. GPS tracking your phone all day - including off-hours - is not. The legal and ethical line in most EU jurisdictions: location data tied to work events (clock-in, photo proof), not continuous location.
Do: publish the schedule and stick to it
Most 'time theft' isn't malicious - it's people working through breaks and not getting paid, or stretching to cover an absent colleague. A reliable schedule with proper breaks reduces 'creative timesheet entries' more than any monitoring tech.
Don't: keystroke logging, screen capture, ambient mics
These cross the proportionality line under GDPR Art. 5 and the EU's right-to-privacy case law. The legal risk often outweighs the recovered hours.
Don't: track location off the clock
If your tool tracks employee location when they're not working, you're inviting a data protection complaint. Use mobile apps that turn off location once the shift ends.
Do: communicate what you do and why
If you deploy biometric clock-in, tell people what's collected, where it's stored (encrypted, on a secure provider), how long it's kept, and how they can request its deletion. The conversation is half the win - 'we're stopping buddy punching, not watching you' lands differently when said out loud.
Rule of thumb: if the measure would surprise the employee, it probably doesn't pass GDPR's transparency test (Art. 13).
What customers actually see
Companies that move from honour-system Excel to a proper time clock + geofence + manager review see a 60-80% reduction in time-leak within 6 months. Push beyond that with surveillance tech and you start losing the productive people, who have options.
Want to see what the AI assistant would do for your team?