What Is the Role of HR in the General Data Protection Act?

In the age of technology, information is a true gold mine for companies, which, based on it, can, among other actions, optimize the recruitment of employees and make the team of employees more efficient. Because it is so valuable, informational content needs to be handled and stored properly, in order to avoid risks for its owners, which includes the company and employees. That is why it is crucial to consider the role of HR in the General Data Protection Act.

Taking this into account, in today's post, we will show the role of the human resources sector, in view of the provisions of that legislation. We will explain what exactly this relationship is, what impacts such legislation has on HR, and how companies can adapt to it. In addition, we will address the main consequences of corporations not complying with the General Data Protection Act. Don't waste time and check it out right now, to be prepared for when the law comes into force!

What is the relationship between LGPD and corporate HR?

Before talking specifically about the relationship between LGPD and the HR of companies, it is necessary to understand what this legislation consists of. This is the acronym of the General Data Protection Law, a document that alters the Civil Framework of the Internet and aims to raise both the level of privacy of personal information and increase the supervisory power of organizations, which is done by the competent regulatory authorities.

Like the General Data Protection Regulation (GDPR), similar legislation that came into force in the European Union in early 2018, the LGDP is based on the assurance of full knowledge of the collection, storage, and collection of your personal information. Thus, anyone has the right to monitor and report illegal practices made with their data to Organs inspection bodies.

But what is the relationship between LGDP and the human resources area of ​​a business? To begin to understand this, just keep in mind the types of activities commonly developed in this sector, which involve information from employees and candidates who are looking for a position in the company. Thus, both in the admission process and in personnel management, there is necessarily the collection of so-called sensitive data, which allow the direct or indirect identification of a person.

Considering that the LGDP aims precisely to enable citizens to know how and where their data is collected and stored, in addition to being aware of they are shared or used for other purposes, the company's HR will need to properly manage all personal information it has on sector. This includes the creation of mechanisms aimed at protecting various types of data, which include, name, address, telephone, e-mail, RG, CPF, among others.

What are the impacts of LGPD on HR?

In addition to the data mentioned in the previous topic, it is common for companies, in recruitment processes, to collect candidates' school records and professional activities. Some companies even research the credit trajectory, which was already a controversial action before the appearance of the LGDP. With the law in force, corporations will have to justify the relevance of collecting this type of information, request authorization from its holder, and ensure protection against leaks.

Another important aspect contained in the LGDP is the guarantee of non-discrimination, so that, when announcing the existence of a vacancy, the HR must be very cautious, indicating only the technical requirements that, in fact, are necessary for the exercise of the function. In this way, requirements relating, for example, to gender, sexual orientation, marital status, religion, absence of children, ethnicity, and "good looks" can be understood as discriminatory attitudes on the part of the contractor.

The LGDP also requires that candidates have the right to access all data that has been made available and analyzed by the company, which allows for verification of the veracity of the collection carried out. Another impact brought by the new legislation concerns the storage of documents and resumes in the company's database for future selections, which can only be done when the person interested in the current vacancy allows it through specific consent.

How can companies adapt to this law?

LGDP's reach goes beyond HR, reaching the purchasing sector, the supply area, among other departments of the companies. Therefore, it is very important that companies look for strategies to adapt to this law. The first step is to get to know the law in-depth, in order to understand all its provisions, and then check which ones are directly related to the activities performed by the company. Below, we list some actions that help in this adaptation:

• implement contractual adjustments;
• modify the privacy policy and terms of use practiced by the corporation;
• to make anonymous, whenever possible, the data circulating through the company;
• adopt resources that increase the security of stored information;
• regulate and standardize the treatment of data that does not have a legal basis;
• map external organizations with which information is shared;
• develop data elimination models that do not harm the business.

What are the consequences of not complying with the law?

Failure to comply with the provisions contained in the LGDP tends to have consequences both in legal terms and in economic terms. Thus, either before the courts, which rely on technology in favor of their performance, or in their financial health, the company that does not follow the referred legislation when it comes into force may lose out. This is because the document establishes significant sanctions for those who break its rules.

The penalties include the application of warnings, payment of fines, and partial or total prohibition from carrying out activities that involve data processing. The fines vary from 2% of the company's revenue in the previous year to R $ 50 million. To inspect the full compliance with the LGDP and apply the appropriate punishments, the National Data Protection Authority (ANDP), a federal government agency, was established.

As we saw throughout the post, the role of HR in the General Data Protection Law goes far beyond the execution of bureaucratic tasks and may have strategic value for the company. Thus, when a data security policy is implemented that, at the same time, complies with the LGDP and is efficient, the company is better able to be competitive and win the trust of its target audience.

Find best HRMS Software to incorporate HR department to complying General Data Protection Law.