Administrative sanctions will take effect in August: are your company’s employment contracts already compliant?
Since September 18 of last year (2020), the General Data Protection Law (LGPD) – Law No. 13,709, of 08/14/2018 – has been in force in the country, establishing rules on the collection, storage, processing and sharing of personal data, with the aim of protecting the fundamental rights of freedom and privacy. See what is important regarding employment contracts.
With its implementation, companies of all sizes and segments became obligated to comply with a series of legal and administrative requirements. And those who have not yet adapted need to hurry, because as of August 1, 2021, inspections and administrative sanctions may be applied by the regulatory body, the ANPD (National Data Protection Authority).
Although the LGPD has already been applied since 2020 by consumer protection bodies, the Judiciary and the Labor Public Prosecutor’s Office, as of August 2021 companies that fail to comply with the rules will be subject to administrative sanctions that include a warning and a simple or daily fine of up to 2% (two percent) of revenue.
In the labor sphere, employees may initiate judicial actions demanding that the company, as employer, comply with the LGPD in the processing of their personal data (information that allows the employee to be identified, directly or indirectly, such as ID card, individual taxpayer registry (CPF), gender, date and place of birth, telephone, residential address, banking data, marital status) and their sensitive data (racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, genetic, biometric and health-related matters).
And what are the requirements that must be implemented in the employment contract?
Since the law defines the employer as the “controller”, responsible for the employee data to which it has access, it is recommended to enter into an Acknowledgment Statement that explains how personal and sensitive data are collected, stored and processed by the company, detailing the purposes and the legal basis of each piece of data provided by the employee.
For example, regarding the banking data collected, the purpose is to make the payment of salaries and benefits. As for matters related to the health plan, admission examinations and periodic examinations, since they are sensitive data, they require special treatment, as they impose not only responsibility on the employer company, but also severe penalties in case of non-compliance with legal requirements.
Another important point brought by the LGPD concerns the employee’s image for the purposes of monitoring, advertising or internal marketing actions of the company. As it is sensitive data, it is necessary to formalize the Acknowledgment Statement and/or Consent Statement in a document separate from the employment contract. Birthday notice boards, business cards, employee of the month, publications on corporate social media, and security camera monitoring are practices that need to be adapted to the LGPD.
It is recommended, in addition to entering into the Statements, to update the company’s Privacy Policy, disclosing it on its website and in a place easily accessible to employees.
The LGPD requires protection not only of the data of employees, but also of their dependents and, therefore, it is important to update the Human Resources Department Policies not only with regard to the use of data internally by the company, but also with regard to sharing with third parties.
In this context, it is necessary to understand the needs of each company in order to adapt the Human Resources Department Policies and the related documents mentioned above (Privacy Policy, Consent Statement and Acknowledgment Statement, employment contract) to the LGPD.