← Back to Resources

COMPLIANCE · DEFINITIVE GUIDE · 22 MIN

The time-record law nobody is enforcing properly.

Royal Decree-Law 8/2019 requires every employer to record the working day of every employee. Sounds simple. Yet 62% of Spanish SMEs still fail to comply, according to the Labour Inspectorate. This guide explains what the law actually requires, which mistakes will cost you €626 to €6,250 per worker, and how to set it up properly without turning it into a bureaucratic nightmare.

BY DANIEL GARCÍA · CO-FOUNDER · CTO @ ORQUIVA UPDATED 19 MAY 2026 22 MIN READ
ART. 34.9 ET · MAYO 2026 REGISTRO_MAYO.XLSX 13/05 09:00–18:00 M.Sánchez 13/05 09:00–18:00 M.Sánchez 13/05 09:00–18:00 M.Sánchez 13/05 09:00–18:00 M.Sánchez 13/05 09:00–18:00 M.Sánchez NO VÁLIDO ORQUIVA · FICHAJE 09:01 ENTRADA sha256· 13:34 PAUSA sha256· 14:30 VUELTA sha256· 18:02 SALIDA sha256· SELLO RDL 8/19

What the law actually says

Article 34.9 of the Workers' Statute, amended by RDL 8/2019, requires every employer to keep a daily working-time record showing the exact start and end time of each employee's working day. Records must be kept for 4 years and made available to the employee, their legal representatives and the Labour Inspectorate.

The ECJ ruling in case C-55/18 (Deutsche Bank) was what forced Spain to tighten the rules: without an objective, reliable and accessible recording system, it is impossible to verify compliance with the 40-hour weekly limit.

The 5 costliest mistakes

1. Excel templates signed by hand

The Inspectorate treats these as "non-objective" records: anyone can edit the file afterwards. If yours are signed by scan, you are already committing a serious offence (art. 7.5 LISOS, €751 to €7,500).

2. Recording only monthly totals

The law requires specific start and end times. A total like "160h in May" doesn't count. You need per-day timestamps.

3. Not recording remote workers

Remote work falls under Law 10/2021, which refers back to article 34.9. Remote staff must clock in too, using a system accessible from outside the office.

4. Forgetting team leads and middle managers

Only senior executive staff (special labour relationship under RD 1382/1985) are excluded. Your team leads and managers must clock in like everyone else.

5. Not keeping records for the full 4 years

The clock starts from the date of the record, not from the worker's exit. If someone leaves today, their history must remain accessible until 2030.

What a valid system must include

  • Unambiguous worker identification (ID number or internal ID).
  • Start and end date/time accurate to the minute.
  • No retroactive modification without an audit trail.
  • Worker access to their own history.
  • Readable export (PDF/CSV) for the Inspectorate.
  • 4-year retention from the date of the record.

Real fines issued in 2024–2025

€6,250

Maximum fine per worker for very serious offences (art. 7.5 LISOS).

Cases published by ITSS: a Málaga hospitality chain, €47,000 for not recording 12 weekend waiters. A Barcelona consultancy, €18,500 for using unsigned Excel sheets. A Madrid startup, €11,000 for excluding its CTO because "he had no fixed schedule".

How Orquiva handles it

The Time-record module covers every requirement out of the box: cryptographically timestamped entries, immutable record once confirmed by the worker, signed PDF export, web and mobile app access with optional geolocation. Assisted Excel migration: you upload your historic months, we import with full metadata.

Frequently asked questions

What if my collective agreement says something different?

Your agreement can extend protection (more detail, longer retention) but never reduce what the Workers' Statute requires. If your agreement says 2 years, the 4 years in the ET win.

Do I have to record coffee breaks?

Only if your collective agreement treats them as effective working time, or if they exceed 15 minutes (Supreme Court, 28/05/2020). When in doubt, record them.

What about overtime?

It's computed automatically: any hour recorded above the standard day is overtime. The 2019 reform made it visible precisely to stop the fraud.

How to migrate from Excel without losing history

If you're coming from Excel templates, the challenge isn't just switching to a valid system — it's preserving the last 4 years of records so they keep their evidentiary value. Here's the migration we recommend at Orquiva:

  1. Pre-audit: identify which files cover which periods and which workers. Flag the gaps: those are the months the Inspectorate will ask about first.
  2. Normalisation: convert every Excel to a single CSV with columns id, date, time_in, time_out, break_start, break_end. Breaks can be empty.
  3. Integrity hash: compute a SHA-256 per row before uploading. That proves the record existed with that content on that specific date.
  4. Timestamped import: the system tags each imported row with "source: manual migration from Excel, original date X, import date Y". Double traceability.
  5. Legal annex: document the process in a Migration Memorandum signed by management. If the Inspectorate asks, you show it.

Migrated history will never have the same evidentiary weight as native records — but it's infinitely better than unsigned Excel. The Inspectorate accepts it when the procedure is documented.

What happens the day the Inspectorate shows up

Surprise visits are rare: there's usually a prior complaint (a worker, a competitor, a union). In 90% of cases you get a written request with 10 days to prepare the documentation. What you'll need to hand over:

  • Time-record for the last 12 months, person by person.
  • Time-recording policy signed by the workers' legal representation (or proof there is none).
  • Applicable collective agreement and theoretical schedule per role.
  • Overtime justifications: requests, approvals, compensations.

What's not mandatory but worth having

RDL 8/2019 sets the legal minimum. But some choices aren't mandatory and, done well, save you bigger problems. Here are the four we get asked about most:

Geolocation

Not mandatory. The Spanish DPA (AEPD) has published opinions (2020/0207, 2022/0096) reminding that any location data is a special category under GDPR and requires a proportional legal basis. If you record it, it must be strictly necessary for clock-in control (not for monitoring anything else), informed in writing to the worker, and limited to the exact moment of clocking in/out. Turning it on "just in case" is unnecessary legal exposure.

Biometrics (fingerprint, facial)

After the AEPD opinion of 23 November 2023, fingerprint and facial recognition for clock-in require a legal basis beyond worker consent (which is considered vitiated by the dependency relationship). In practice, almost no company has that solid basis. If you come from a biometric system, plan migration to NFC, PIN or mobile app with normal authentication.

Worker signature

RDL doesn't require a worker signature on every clock-in. It does require that the system be "objective" — that the worker can't alter what's already recorded without traceability. A periodic confirmation (weekly, biweekly) with simple electronic signature is good practice and reduces disputes in case of discrepancy.

Legal representation access

Article 34.9 ET does require allowing the works council or staff delegates to access aggregated records (not individual nominative ones, unless the affected person consents). Make sure your system can export aggregates per department or workplace.

How to defend yourself if the Inspectorate files an infringement notice

Receiving a notice isn't the end. You have 15 business days to file allegations and 30 from notification of the resolution to appeal administratively. These are the arguments that work most often before the Superior Courts:

  1. Formal defect in the notice: if it doesn't include the workers' IDs or the specific days of breach, it can be annulled (STSJ Madrid 643/2022).
  2. Proportionality of the fine: the regime allows reducing the amount if you prove the breach was isolated, no recurrence, and you've corrected the system. ITSS internal instruction 1/2023 expressly provides for this.
  3. Documented force majeure: system outages, technical migrations with logged incidents, SaaS provider problems. If you have evidence (tickets, emails), provide it.
  4. Good prior record: previous favourable notices or no complaints in the last 5 years weigh on the fine's graduation.

What does NOT work: pleading ignorance of the rule (it's been 7 years), saying the sector has low clock-in culture, or trying to blame a middle manager. Liability is always with the employer and the legal entity.

Sector-specific mistakes

Hospitality and restaurants

The sector with the highest breach rate (78% per ITSS 2024). The three typical errors: not recording extras' hours on weekends, only recording "theoretical schedule" without reflecting real hours, and letting the manager clock in on waiters' behalf from a single terminal. All three are solved with personal mobile app + backup tablet kiosk.

Construction and on-site work

The worker moves between sites. RDL doesn't require recording location, only start and end of the day. Common errors: only recording when arriving at the first site (omitting commute that counts as work per agreement), not recording "service trips" between intermediate sites.

Commerce and retail

Workers rotating between stores. Recording must allow assigning the clock-in to the specific workplace, not just the "employee". If your system only stores time and person but not site, it doesn't meet the traceability required when a specific store is inspected.

Tech sector and offices with remote work

Law 10/2021 requires recording remote workers the same way. Typical errors: not recording breaks "because the worker is responsible" (no, the company is), not documenting flexible hours (yes, flexibles are also recorded), confusing "connection hours" with "effective working hours".

Self-audit checklist: 18 points

Before a possible Inspection, run through these 18 points. If you fail any category, prioritise fixing it:

Category 1 — Coverage

  • Have you recorded ALL employees, including managers and team leads?
  • Do remote workers clock in with the same system?
  • Are workers in probation period included?
  • Do you have seasonal or temporary staff? Do they also clock in?

Category 2 — Record quality

  • Does the record save exact start AND end times, not just totals?
  • Is it impossible to modify retroactively without leaving an audit trail?
  • Are breaks longer than 15 minutes recorded if your collective agreement requires?

Category 3 — Access and retention

  • Can the worker consult their own record instantly?
  • Can legal representation access aggregates (without non-consented identifiers)?
  • Are you keeping the last 4 years, not just current?
  • Can you export any person's record as signed PDF in less than 1 hour?

Category 4 — Supporting documentation

  • Do you have a written time-recording policy signed by legal representation (or proof of non-existence)?
  • Do you have the applicable collective agreement identified and archived?
  • If you migrated records from another system, do you have a migration memo with dates?
  • Do you have the overtime treatment procedure documented?

Category 5 — Operational hygiene

  • Is there an assigned internal owner of the record (not "everyone")?
  • Are anomalous records (workdays <4h or >12h) reviewed monthly?
  • Is there a clear channel for workers to rectify discrepancies?

Cited rulings and opinions

  • ECJ C-55/18, CCOO vs Deutsche Bank SAE (14/05/2019)
  • Spanish Supreme Court 4th Chamber 246/2020, 28/05/2020 — breaks and effective working time
  • STSJ Madrid 643/2022 — formal defects in Labour Inspection notices
  • Spanish DPA opinion 2020/0207 — geolocation in labour relations
  • Spanish DPA opinion 2023/0184 — biometrics for clock-in (23/11/2023)
  • ITSS Instruction 1/2023 — graduation of fines in working-time offences
Start free with Orquiva →

KEEP READING

28 PREGUNTAS · 5 CATEGORÍAS VENDOR A €8.40 /persona/mes Fichaje SSO API pública Vacaciones RECOMENDADO ORQUIVA PRO €5.00 /persona/mes Fichaje SSO API pública Vacaciones VENDOR C €12.00 /persona/mes Fichaje SSO API pública Vacaciones

HR · DEFINITIVE GUIDE · 16 MIN

How to pick an HRIS without losing your mind

Read →
PLAN 30 / 60 / 90 · NUEVA INCORPORACIÓN DAY 1 — KICKOFF RM Rocío DG Diego CM Carla MS Marta · NUEVA PLAN DE MARTA DÍA 1 Setup + buddy SEMANA 1 1:1 diario · 1ª tarea DÍA 30 eNPS · feedback DÍA 60 Entrega media DÍA 90 Probation review

PRODUCT · 8 MIN

Remote onboarding: 7 common mistakes.

Read →
18 PREGUNTAS · 3 BLOQUES · TRIMESTRAL MS EVALUADA MA MANAGER RM PAR DG PAR CM AUTO LG PAR PV REPORTE

GUIDE · 14 MIN

360º review that actually works.

Download →