This article discusses a case in Amsterdam regarding General Data Protection (GDPR) rules through an example of new security measures which include fingerprinting employees. The Company and the Employees take different sides and the interaction clarifies where GDPR falls in this particular case. In-house counsel can learn from this interaction and how GDPR applies to their employees.