
Brazil’s Data Protection Law and the culture change in the labor routines of companies: the use of the data protection theme as a strategic tool to improve the business work environment


Although it is clear that Brazil’s Data Protection Law (“LGPD”) applies to employment relationships, the practical conduct that Brazilian companies should already have adopted in order to comply with the legislation from a labor standpoint is rarely discussed. The lack of attention to such internal compliance can be harmful, not only from a data protection point of view, but also from a strategic business development point of view.

In the last few years, and as a result of the LGPD, Brazilian companies of different types, profiles and sizes have mobilized to implement their “LGPD Adequacy Plan”. These plans share common characteristics: in Brazil, their basic structure has essentially included measures to publicize the company's data protection rules and policies and to inform customers how the company intends to deal with the new legislation. In this sense, documents such as the Privacy Policy, the Whistleblower Channel disclosure and Procedures for exclusion, rectification and/or anonymization of personal data were adopted on a large scale.

However, such measures are intended to cover only part of the issues embedded in the LGPD, more focused on Consumer Law than any other branch of law. Therefore, this “external look” prevents the company from identifying the needs of its internal work environment.

Looking at the work environment is what allows the so-called internal adaptation of companies to the LGPD. This adaptation, which is entirely related to Brazil’s Labor Law, occurs when the focus of the project is on the company's labor routines that involve the collection, processing and use of employees’ personal data. These routines run from the job interview until the moment the contract is terminated. For example: the collection of CVs; the collection of documents for the employee’s admission; the formalization of the employment contract; the collection of sensitive health data, among others. For each one of these moments (the routines) there will be steps and procedures that must be complied with from a data protection legislation standpoint.

Therefore, compliance with the LGPD can and should be used by executives (employers) to promote an effective and strategic culture change in the company. That means that the LGPD Adequacy Plan can serve as a tool for the implementation of modern projects that can transform the company's work environment into an environment that is not only in compliance with the law, but also innovative and welcoming for the employees.

Presenting and disseminating new policies and procedures to employees, even with the initial focus on the data protection theme, makes employees feel included in the context of the company. It also makes it possible to address themes such as sustainability, diversity and inclusion, and others that, in addition to serving the legal purpose of data protection, will also fulfill a strategic role in the company: helping to improve the work environment and, as a result, improving business development.

Below are examples of themes that can be added to the internal LGPD implementation project:

  • Moral harassment and sexual harassment Policies and Training.
  • Leadership Policies and Training.
  • Institution of Debate Channels or Whistleblower Channel.
  • Institution of Committees to deal with issues regarding diversity, gender and equality.

Including these issues can play a great role in combining the implementation of a necessary project with a strategic cultural transformation within the company.


Article provided by INPLP member: Fábio Lacaz (Andrade, Lacaz & Vasconcelos Advogados (ALV), Brazil)


