Protecting employees’ personal and sensitive data has become a fundamental right that serves to protect them against potential fraud or identity theft.
Companies of all types and sizes collect personal data from their employees, whether to fill out payroll, which contains salary and bank account details, or to provide benefits such as health insurance, which may require the beneficiaries to provide sensitive personal data about themselves and their dependents. This data therefore needs to be well protected.
For companies that operate in Brazil, the Brazilian General Data Protection Rules (GDPR), which came into force in August 2020, regulate the treatment of personal data, whether by public or private companies. Failure to comply with the law can lead to a fine of up to 2% of the revenue of the private legal entity, group, or conglomerate in Brazil in its last fiscal year, not to exceed R$50 million per violation.
Protecting employees’ personal and sensitive data has become a fundamental right that serves to protect them against potential fraud or identity theft. The challenge for companies is to identify the activities most susceptible to security risks. In general terms, their main obligations include storing data securely, processing the data legally, and having systems in place to deal with any data breaches.
When it comes to payroll, the information it contains is highly valued by hackers, which further increases the vulnerability of the data. The company must carefully monitor the number of employees with access to sensitive payroll data and introduce security protocols for all related files, such as e-mails and spreadsheets, that are shared internally and externally.
Mapping the data used to fill out payroll is an effective way to ensure compliance with the GDPR. The company must analyze the amount of personal data collected and ensure that it is collecting the minimum necessary for (or related to) an employment contract. Any other data collected presents risks of privacy violations.
Data subjects have the right to access information about the processing of their data, as well as the right to revoke their consent if the purpose of the processing has changed. However, not all employee rights can be applied in the context of payroll data processing, due to legal obligations found in labor law.
At Pryor Global, we offer payroll outsourcing services, ensuring compliance for all related processes. Avoid the risk of fines with the support of specialized professionals experienced in local legislation.