• Much has been written and transmitted about the amendment to the General Data Protection Regulation on the 25th of May. We therefore leave several alerts regarding its entry into force: 
   
  In the case of an Organization

​

• Consents given by workers before the aforementioned date are void;

• Resumes – The entity must proceed to the safe destruction of the same ones that it has in its possession;

• As for the ones you receive, you will have to define in advance a period for their conservation, and after their validity you must also destroy them (for this purpose, it is suggested to use a computer application that automatically eliminates the documents);

• Existing files on physical support (using doors and locks) that contain personal data must be closed;

• Only the person responsible for the personal data can have access to them, even when the process is not active, access must be prohibited to unauthorized third parties;

• The documents called drafts cannot be used in any way when they contain personal information;

• If there is an undue attack on the documentation, it must be reported to the National Data Protection Commission (CNPD) within 72 hours after becoming aware of the situation;

• It is convenient to always inform the CNPD, as fines will be foreseen for failure to communicate within the due deadlines;

• Please note that access to everything visible in your office will be available to cleaning staff and those responsible for security;

• In case of attachment of wages to workers, the pay slip must not be sent to the Enforcement Agent;

• The request for personal data in a contractual (employment contract) or pre-contractual relationship does not violate the GDPR. You will not be able to use these same data for other purposes;

• The current employment contracts will have to have an amendment to contemplate the changes imposed from May 25, 2018;

• The employment contracts to be concluded will have to have new clauses.