Articles November 3, 2021

LGPD in Employment Relations

Since September 18, 2020, the General Data Protection Law (LGPD) – Law No. 13,709, of 08/14/2018 – has been in force in Brazil, establishing rules on the collection, storage, processing and sharing of personal data. Its objective is to protect the fundamental rights of freedom and privacy. To assist your company, we have developed the article The LGPD in labor relations.

With the implementation of this law, companies of all sizes and segments became obligated to comply with a series of legal and administrative requirements.

And, since August 1, 2021, inspections and administrative sanctions may be applied by the regulatory body, the ANPD (National Data Protection Authority). Companies that fail to comply with the rules will be subject to administrative sanctions that include a warning, a simple or daily fine of up to 2% (two percent) of revenue, limited to the amount of R$ 50,000,000.00 (fifty million reais).

In the pursuit of preserving the rights of data subjects, the LGPD establishes foundations and principles to be observed during the processing of personal data.

However, the LGPD does not bring any express provision that specifically refers to the protection of personal data in labor relations, which could give rise to discussions regarding its scope within labor relations.

The LGPD in labor relations

However, given the amount of personal data and sensitive personal data that are shared by the numerous and diverse departments of companies, the LGPD has direct application in labor relations. For this reason, compliance is necessary in all existing phases of the relationship between the employer and its employees.

In the routine of labor relations, we may cite the phases of hiring in which there is constantly the processing of employees’ data:

  1. Pre-hiring: with the obtaining of identification data, résumé, references of the candidate for the job vacancy, among others;
  2. During the employment contract: data for the registration of employees, banking data for the payment of salaries, union membership, data relating to health such as occupational examinations, medical certificates, among others;
  3. After the termination of the employment contract: with the storage of the information of former employees for labor and social security purposes and for making it available to public inspection bodies.

Since the employer is defined in the law as the “controller”, with responsibility for the data of the employees to which it has access, it is recommended to enter into an Acknowledgment Statement, in which it is clarified how personal and sensitive data are collected, stored and processed by the company, clarifying in detail the purposes and the legal basis of each piece of data provided by the employee.

For example, regarding the banking data collected, the purpose is to make the payment of salaries and benefits. As for matters related to the health plan, admission examinations and periodic examinations, since they are sensitive data, they require special treatment, as they impose not only responsibility on the employer company, but also severe penalties in case of non-compliance with legal requirements.

Another important point brought by the LGPD concerns the employee’s image for the purposes of monitoring, advertising or internal marketing actions of the company. As it is sensitive data, it is necessary to formalize the Acknowledgment Statement and/or Consent Statement in a document separate from the employment contract.

Birthday notice boards, business cards, employee of the month, publications on corporate social media, and security camera monitoring are practices that need to be adapted to the LGPD.

It is recommended, in addition to entering into the Statements, to update the company’s Privacy Policy, disclosing it on its website and in a place easily accessible to employees.

The LGPD requires protection not only of the data of employees, but also of their dependents and, therefore, it is important to update the Human Resources Department Policies not only with regard to the use of data internally by the company, but also with regard to sharing with third parties.

In this context, it is necessary to understand the needs of each company in order to adapt the Human Resources Department Policies and the related documents mentioned above (Privacy Policy, Consent Statement and Acknowledgment Statement, employment contract) to the LGPD.

Read also:

Adaptation of employment contracts to the LGPD

It is also worth highlighting that in the labor sphere, employees may initiate judicial actions demanding compliance with the LGPD by the company, the employer, regarding the processing of their personal data (information that allows the employee to be identified, directly or indirectly, such as ID card, individual taxpayer registry (CPF), gender, date and place of birth, telephone, residential address, banking data, marital status) and their sensitive data (racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, genetic, biometric and health-related matters).

In short, the LGPD in labor relations will ratify what the labor norms/laws express, regarding the legal responsibility that the employer holds in relation to the data of its employees, regarding the existence of good faith in the processing of employees’ data by the employer, as well as improve the security in the storage of data.

Article written by the lawyer Nathalia Valverde, who worked on the team of Lassori Advogados

← Back to blog