When we talk about a company's team, we're also talking about personal data. A company controls and needs to protect a great deal of information about its employees: contact details, address, income, banking information, perhaps even biometrics and medical information.
The impact of the General Data Protection Law (LGPD) on the Human Resources area was the topic of the latest online event from Privacy Tools. It took place on September 14th and featured the participation of Sabrina Munhoz (PrivacyTools), Fernando Bousso (Baptista Luz Advogados), Karolyne Utomi (KR Advogados), and Renata Benjamin (Gupy).
Check out the main highlights from the chat:
What is informational self-determination?
Do your employees know what this concept means? Right at the beginning of the conversation, Karolyne Utomi reminded them what informational self-determination is. The professional emphasized that people should know what is done with their data, who is using it, and what it is being used for.
Karolyne also pointed out that consent is not above other legal bases. “We have ten, and they can be used in parallel. I apply consent as the last legal basis.” Consent must be a freely given expression, and the employee, being subordinate, may end up feeling pressured to give consent.
Another issue raised was activity monitoring. If there is any way to control what an employee does on the company computer, for example, they should know how this monitoring occurs and why. There should also be a limit so that the employee's privacy, in the personal sphere, is not invaded.
Understand joint liability
Another concept that emerged during the event was "joint and several liability," brought up in Fernando Bousso's speech. This means that several parties can be held liable in the event of a violation of the LGPD (Brazilian General Data Protection Law). In this sense, it is important to be careful with suppliers.
If a supplier is not compliant with the LGPD (Brazilian General Data Protection Law) and leaves data vulnerable, the company that hired them and shared the data is also responsible if there is any leak or misuse. Therefore, audits are essential.
It's also worth remembering that outsourced workers who are registered as MEI (Individual Microentrepreneur) are treated by the courts as individuals. In other words, if your company employs permanent or freelance self-employed professionals, you need to protect their data as well.
Changes in selection processes
Renata Benjamin mentioned the changes brought about by the LGPD (Brazilian General Data Protection Law) in the hiring process. "We can no longer ask for whatever we want and keep it for as long as we want," she commented.
It's important to consider whether the information requested in the application process is truly essential for the position and makes a difference in the selection process. Religion, number of children, and marital status are mostly unnecessary and can even lead to prejudice, so they should be avoided.
It is also crucial to allow people to withdraw their consent for data processing, especially in cases where they no longer work for the company or were never even selected. Therefore, having a communication channel to handle requests from data subjects is essential.
Check all events
All previous broadcasts, as well as the full "LGPD in HR" broadcast, are available on Privacy Tools YouTube channel.
