The Ministry of Labor and Employment enacted Ordinance MTE No. 1,419 on August 27, 2024, effective from May 2026, which expressly incorporated into Regulatory Standard No. 1 (“NR‑1”) the requirement to include the mapping of psychosocial workplace risks within Occupational Risk Management (GRO) and the Risk Management Program (PGR).
The Standard, which previously focused more on preventing workplace accidents, expands its concept of a safe work environment to include elements of risk that had not been previously mapped but directly affect employees’ performance and health.
With the new general guidelines established by NR‑1 for occupational health and safety, companies are now required to identify and manage psychosocial risks—such as stress, harassment, excessive workload and burnout—thereby addressing factors that affect employees’ mental health and adopting preventive and/or corrective measures for identified risks.Noncompliance with NR‑1 may result in fines and penalties for companies, depending on the severity of the infraction, the company’s size and the number of employees.
Given these new processes, companies’ processing of personal data and sensitive personal data will expand, and organizations must pay careful attention to privacy and to the assessment of third‑party providers contracted to assist with the NR‑1 mapping.
When dealing with sensitive data (such as information related to an employee’s mental health), Article 5, II of the LGPD requires more robust governance by the data controller; once exposed, such data can cause harm and negative impacts to the data subject. In addition, the processing operation in question may be characterized as high‑risk processing if it meets the requirements of Article 4 of CD/ANPD Resolution No. 2/2022.
In this manner, it is necessary for companies to be attentive so that compliance with the General Data Protection Law is observed in this new context of processing, and that privacy protection is incorporated from the outset into the infrastructures of the technologies adopted or developed to comply with the standard in question.
Furthermore, one of the most important aspects of implementing this process will be due diligence of the involved vendor, to verify adherence to required levels of privacy, security and compliance.
In light of the recent regulatory updates, Peck Advogados has a team of specialists with broad experience in privacy and contractual risk management ready to support organizations with strategic alignment.
For more information or to schedule a conversation with our specialists, contact us at contato@peckadv.com.br.
Prepared by: Dr. Graziella Rosa, Head of Digital Advisory, and Dr. Bianca Melo da Cruz, Digital Advisory Attorney.
Published in December by the National Monetary Council (CMN), Resolution CMN No. 5,274/2025—which establishes new cybersecurity requirements for all institutions authorized to operate by the […]
The Public Consultation on the “Ethical Use Guide for Artificial Intelligence for the Brazilian User” is now open. This initiative from the Ministry of Justice […]
The recent enactment of Law No. 15,325/2026, which recognizes the multimedia profession, combined with the processing of PL No. 5,990/2025, which proposes specific rules for […]
Rua Henrique Schaumann, nº 270, 4º andar
Edifício Pinheiros Corporate,
São Paulo – SP | CEP: 05413-909
(11) 2189-0444