Employee Data Privacy

Brazil - Registration Requirements

 Download as a PDF

Does HR data processing require registration under data protection laws?



Data protection laws sometimes include conformity assessments, which help to ensure businesses follow regulations. Requirements can include registration before the Data Protection Authority and random audits. 

Brazil’s General Data Privacy Law (LGPD) does not include a registration requirement. That said, Brazil’s data protection authority (ANPD) can require that employers and other data controllers submit impact reports when the general principles of processing personal data under the law are at risk, particularly when processing is based on the company’s legitimate interest. Employers and other data controllers are required to retain records of personal data processing operations. In the event an impact report is required, it should contain at minimum:

  • a description of the types of data being collected;
  • the method(s) used for collecting/processing personal data;
  • the method(s) used to ensure the data is being secured; and,
  • the employer’s analysis of measures that have been adopted to safeguard the data and mitigate risk.

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk