GDPR Data Export
Produce a single signed bundle of everything TempClock holds about one worker, for SARs or right-to-erasure requests.
What this does
A complete record of one worker’s data in one download.
Under UK GDPR (and the older 2018 Data Protection Act) every individual has the right to receive a copy of the personal data you hold about them — a Subject Access Request or SAR. TempClock can produce a complete bundle for any single worker in one click, so you can respond to those requests without having to copy data out of half a dozen screens by hand.
The bundle contains the worker’s profile, every time entry, every clock-in event with GPS and face-match telemetry, every survey response, every document on file, and every audit log entry that mentions them. Everything that hits the worker’s personal record.
Admin > GDPR export
Admin or super-admin (per-worker SARs); super-admin only for bulk exports
A signed ZIP containing JSON + CSV files
Generated exports are kept for 7 days then auto-deleted from the server
You are still the data controller. TempClock processes the data on your behalf, but it is your responsibility to verify the requester’s identity before sharing the bundle.
When You Should Use This
The two main scenarios.
Subject Access Request
A worker (current or former) asks for a copy of the data you hold about them. UK GDPR gives you one calendar month to respond. Generate the export, verify the requester’s identity, and share the bundle. Done.
Right to erasure
A worker exercises their right to be forgotten. Generate the export first (so you have a record of what you held), then deactivate / delete the worker from Workers. Keep the export until your retention period ends.
You do not need to use this for routine HR / payroll. For day-to-day reporting use the Timesheets and Workforce Insights pages — those are designed for ongoing analysis. The GDPR export is specifically for compliance requests.
How to Generate an Export
Step-by-step.
Open the GDPR export tool
From the admin sidebar, click GDPR export. (Manage portal users will not see this page — it is admin-only.)
Pick the worker
Start typing the worker’s name in the search box. The dropdown will narrow as you type. Click the worker you want to export. The right-hand panel previews exactly what will be included.
Confirm and generate
Click Generate export. TempClock builds the bundle in the background — for a worker with a year of timesheets this typically takes 5–20 seconds. The page refreshes when the file is ready.
Download the bundle
Click the Download button. Your browser saves a single ZIP file named gdpr-export-<worker-id>-<date>.zip. That’s the file you share with the worker.
The download link is short-lived — it expires after 7 days. If the worker takes longer than that to acknowledge they have received the bundle, you can re-generate at any time.
What’s in the Bundle
Every file, what it contains, and why.
worker.json
Worker profile: name, employee ID, contact details, hourly rate, start date, preferred language, assigned location and (if used) face-template metadata. The full worker record.
time_entries.csv
Every clock-in / clock-out: timestamps, location, total minutes, notes, approval status, plus GPS fields (latitude, longitude, accuracy, within_geofence, distance_meters) when captured.
survey_responses.csv
Every answer the worker gave to a pre-clock-in survey: question text, the answer they gave, the timestamp, and which clock-in it was attached to.
documents.csv
Index of every document on file (passport, right-to-work, qualifications, etc.): document type, upload date, expiry date. The actual file uploads are bundled into a documents/ folder alongside.
audit_log.csv
Every action involving this worker: who created them, who edited them, who approved their timesheets, who triggered the export itself. Useful for proving good-faith handling.
manifest.json
Lists every file in the bundle with its SHA-256 hash, the export timestamp, the admin who generated it, and the TempClock version. Use this to prove the bundle wasn’t tampered with.
Face-recognition templates (the maths-only vector representation, not photos) are listed in the manifest but excluded from the bundle by default — they are not human-readable and can’t be reconstructed back into a face. If the worker specifically asks for them, contact support and we’ll add the raw vector to a follow-up bundle.
Retention & Deletion
What happens to the export on our side.
TempClock keeps the generated ZIP file on our server for 7 days so you can re-download it if the original download was interrupted. After that the file is automatically purged by a nightly cron job. The metadata row (who generated, when, for which worker) is kept indefinitely in the audit log so you have a permanent record that the export happened.
If you exercise the worker’s right to erasure, run the GDPR export before deleting the worker so you have a record of what was held. Then deactivate or hard-delete the worker from the Workers page. Hard-delete removes timesheet history; deactivate keeps it but hides the worker from live pages.
Hard-deletes are permanent. If you delete a worker by mistake, contact support within 24 hours — we keep a nightly database snapshot for emergencies but it is not a long-term recovery option.
Audit Trail
Every export is logged.
Every time you generate a GDPR export, TempClock writes an audit log entry with the admin’s name, the target worker, the timestamp, and a hash of the bundle file. You can review these from the Audit Log page (filter by action = gdpr_export).
If the ICO ever asks for evidence that you processed a SAR within the legal one-month window, the audit log row is your answer.
Know who turned up — and pay every hour right.
Face-verified clock-ins, live geofencing and payroll-ready timesheets in one system. Tell us how your shifts run and we will show you how it fits.
UK-hosted · Set up in under an hour · No app for your staff