8/3/2021
The General Data Protection Law – LGPD (No. 13.709/18) entered into force on September 18, 2020, but administrative sanctions (applied by the National Data Protection Agency – ANPD) will take effect from August/2021 on – and apply to all private and public companies.
Despite the administrative sanctions being applied only from this month, this did not prevent the judges from applying the law from the beginning of its validity.
Thus, on July 24, 2021, a decision was published by the Labor Court of Montenegro/RS, in a public civil action, recognizing the jurisdiction of the Labor Court to judge on aspects of data protection related to workers and determining that the company defendant, within 90 days, indicate and appoint the person in charge of processing the personal data of employees and implement the necessary procedures for data security and confidentiality, under penalty of a daily fine.
However, this lawsuit was not the first labor case to demand the application of the LGPD in labor relations.
Since it came into force, workers have been seeking, in the Labor Court, the application of the LGPD to protect their personal data and guarantee access to all information that contains them.
This is because the general data protection principles apply to labor relations from the pre-contractual stage, that is, even before the person is hired.
In this sense, it is essential that employers comply with the LGPD, for the application of the law from the disclosure of a job vacancy, informing the candidate the purpose of using their data, as well as the deadline and storage.
The application of the LGPD continues throughout the term of the employment contract and after its termination, considering the purpose of the processing of personal data, the retention periods and the company’s elimination policy.
The law provides that the employer respects the right of data subjects, such as confirmation of the existence of data processing; access to data; correction; anonymization; portability; elimination; consent, where applicable, and revocation of consent.
Considering that the LGPD involves technical issues, companies must map the data flow; elaboration of a privacy policy; adoption of data protection and security measures and training of various departments of the company.
Therefore, it is important that all companies comply with the LGPD and implement a data protection program to mitigate the risks of administrative and judicial sanctions, as well as impacts to the company’s reputation, since violations of the LGPD will be public.
Author: Renata Carla da Silva Caprete
