Biometric systems are used for automated recognition of natural persons based on their biological characteristics and behavior, for example facial geometry, fingerprints, iris patterns, vein patterns in the hand or finger, voice patterns and handwritten signature. At first, these systems were mainly used in sovereign applications such as automated border control, forensic databases, and databases of visa applicants and asylum seekers. Increasingly, however, biometrics are finding their way into everyday commercial applications such as smartphone or PC login, access control to private or company premises or buildings, and payment transactions. The use of biometrics to unlock mobile devices is helping this science – especially fingerprint and facial recognition – to make a breakthrough in everyday life. The most prevalent biometric applications employ sensors integrated into mobile devices. Biometrics can contribute a high level of security to the respective application and offers greater convenience to users than possession- or knowledge-based authentication methods. Because biometric data are permanently associated with the individual person, however, their use entails risks as well as opportunities. The European General Data Protection Regulation (GDPR) recognizes biometric data as particularly sensitive and worthy of protection; it permits their processing only with the express consent of the data subject or on a legally regulated basis.