Nataly Silva

Specialist in GRC, Privacy, and Data Protection, with strategic performance in the management and administration of the OneTrust platform. Responsible for the technical implementation of privacy programs based on automated and integrated flows, ensuring efficiency, traceability, and regulatory compliance (LGPD, GDPR). Worked with large national and multinational organizations such as Banco Itaú, Mercedes-Benz, CNJ, Sebrae, Grupo Águia Branca, Waelzholz Brasmetal, and CredSystem.

Expertise in ServiceNow, with queue management, call prioritization, and technical evolution of demands in cyber risk environments. Robust experience in tuning and operating the main OneTrust modules:

• ROPA: automation of mappings, inventory, and treatment plan, with conducting interviews and technical survey;

• DPIA/RIPD/LIA: creation of models and visibility rules;

• Consent and Cookies: parameterization via Web/API, banners with geolocation rules, and compliance scanners;

• Incidents: structuring forms and attributes for violation management;

• Third Parties: supplier evaluation, controls, and contract inventory;

• Policies: document management, versioning, target audience, and reading control;

• DSAR: automated workflows, integration with Data Discovery and APIs;

• Audits: customization of criteria, attributes, and evidence governance.

Development of dashboards, reports, KPIs, and indicators for decision-making. Administration of users, permissions, and segregation of profiles with a focus on information security and access control.

• Acting as DPO as a Service, supporting the structuring and execution of the organization's privacy program, focusing on compliance with the LGPD and good data governance practices;

• Conducting interviews with business and technical areas for detailed surveying of data processing operations, with structured registration in the ROPA (Record of Personal Data Processing Operations) via the OneTrust platform;

• Supporting the legal team in the analysis of contractual clauses focusing on data protection, collaborating in the identification of points of attention and proposing recommendations to ensure adherence to the LGPD in contracts with suppliers and partners;

• Supporting the mapping, categorization, and classification of personal and sensitive data, defining purposes, and identifying risks related to processing;

• Responsible for the operationalization of the OneTrust tool, using modules such as ROPA, DSAR, Consent, and Cookies to support data governance and compliance with the LGPD;

• Active participation in the organization's Privacy Committee, collaborating with technical and strategic guidance, aligning actions between areas, and evolving data governance practices;

• Preparing technical reports and recommendations for improving policies, flows, and internal controls related to privacy and data protection.

• Supporting the initial implementation of the OneTrust platform in projects to adapt to the LGPD, with participation in the survey of information for the inventory of personal data;

• Legal research on the fundamentals of the LGPD, the rights of data subjects, and the obligations of controllers and operators;

• Participating in interviews with clients to collect information about data flows, documents, and internal processes;

• Supporting the legal team in reviewing contracts and privacy policies, focusing on clauses related to data protection;

• Contributing to operational tasks of document organization and versioning of compliance and privacy materials.