GABRIEL HAYDUK

Global DPO
Benton Harbor, MI

Summary

Experienced Data Protection/Privacy Professional with a background in the Financial, Telecom and Automotive services industries. Skilled in International Data Privacy Management and Information Security Management. More than 10 years of experience managing privacy programs for large multinational corporations, focusing on practical implementation of Data Compliance requirements. Brazilian and Italian citizenships.

Overview

24 years of professional experience

Work History

Whirlpool S/A

Data Protection and Privacy Sr. Manager / Chief Privacy Officer LAR
07.2021 - Current

Job overview

  • Automate Data Subject Access Requests (DSAR) response processes, by integrating OneTrust to Whirlpool’s Data Lake and HR SAP;
  • Expand the privacy program to all LAR countries, by developing a regional privacy standard, Privacy Impact Assessment (PIA) template and governance structure, as well as by monitoring the program’s evolution in each country;
  • Identify the main fraud strategies that Whirlpool and its clients are susceptible to, and launch communications informing clients of how they can protect themselves;
  • Implement a LAR Privacy Committee, where privacy risks and mitigation measures are identified and addressed cross-functionally;
  • Map all critical third parties that process PII on behalf of WHR and train them on Whirlpool’s privacy and security standards, in order to reduce risks of incidents and non-compliance with applicable legislation;
  • Assessment of privacy and cyber controls of WHR’s technical assistance partners, so as to identify gaps, implement mitigation measures and ensure that customer data is being processed in compliance with WHR’s standards and applicable legislation;
  • Review and implementation of privacy notices for all D2C websites, as well as adjustment of their cookie solution to operate under the “legitimate interest” lawful basis for processing of personal data;
  • Review and drafting of corporate privacy policies, procedures and work instructions, in order to enhance LAR’s privacy governance controls;
  • Development of privacy metrics and KPIs to monitor the progress of the privacy program, identify eventual gaps and implement mitigation measures;
  • Ensure that Yummly Brazil’s (US cooking recipe app deployed in LAR) operation meets local privacy requirements, including data subject request workflows, privacy notices, contractual adjustments and cookie compliance;
  • Integration of privacy and cybersecurity assessment processes (PIA and RSA Archer, respectively), in order to enhance Whirlpool’s third party management controls and cybersecurity resilience;
  • Assessment of B.blend’s current capability to comply with privacy and security requirements, to identify gaps and mitigate risk that might impact Whirlpool;
  • Create a communication plan to foster awareness in LAR countries and deliver engaging training sessions (company-wide and team-specific), as well as a gamified training platform, in order to mitigate risks derived from human behavior.

Tecnobank S/A

Data Protection and Privacy Superintendent (DPO)
10.2020 - 07.2021

Job overview

  • Responsibility for development and implementation of the Compliance program on “Lei Geral de Proteção de Dados” (Brazil’s law regulating personal data protection);
  • Informing, issuing recommendations and designing Cloud processes relating to “Lei Geral de Proteção de Dados” compliance, including GDPR, observing internal policies and guidelines regarding data protection;
  • Mapping processes and business systems that handle personal and sensitive data;
  • Translating business requirements into a functional specifications set, with detailed acceptance criteria for development teams;
  • Including and negotiating data privacy clauses and privacy notices in commercial agreements and contracts with external entities involved in customer and employee data processing;
  • Working with development teams, projects and support to understand and address data protection law requirements;
  • Ensuring controls to comply with data protection law’s requirements are implemented in an auditable manner;
  • Responding to internal and external audit requirements;
  • Developing and implementing a staff awareness training program to achieve full compliance and promote a data privacy culture;
  • Conducting risk assessments in data processing (DPIA), in line with LGPD and GDPR requirements, including data security, security breach, privacy since inception (privacy by design), legitimate interest, purpose limitation and fair processing;
  • Tracking and keeping record of all incidents, complaints, data breaches and notifications related to personal data.

Hyundai Motors Brasil

Privacy and Data Protection Sr. Specialist (DPO)
02.2019 - 10.2020

Job overview

  • Responsibility for development and implementation of the Compliance program on “Lei Geral de Proteção de Dados” (Brazil’s law regulating personal data protection);
  • Informing, issuing recommendations and designing Cloud processes relating to “Lei Geral de Proteção de Dados” compliance, including GDPR, observing internal policies and guidelines regarding data protection;
  • Mapping processes and business systems that handle personal and sensitive data;
  • Understanding of procedural and systemic flows for the treatment of personal and sensitive data, and advising on controls to maintain its privacy;
  • Translating business requirements into a functional specifications set, with detailed acceptance criteria for development teams;
  • Including and negotiating data privacy clauses and privacy notices in commercial agreements and contracts with external entities involved in customer and employee data processing;
  • Working with development teams, projects and support to understand and address data protection law requirements;
  • Ensuring controls to comply with data protection law’s requirements are implemented in an auditable manner;
  • Responding to internal and external audit requirements;
  • Developing and implementing a staff awareness training program to achieve full compliance and promote a data privacy culture;
  • Conducting risk assessments in data processing (DPIA), in line with LGPD and GDPR requirements, including data security, security breach, privacy since inception (privacy by design), legitimate interest, purpose limitation and fair processing;
  • Tracking and keeping record of all incidents, complaints, data breaches and notifications involving personal data;
  • Acting as focal point and facilitator between technical and business areas for alignment and adaptation to the requirements of “Lei Geral de Proteção de Dados” (regulation on personal data protection law).

Telefônica Brasil

Compliance Consultant
06.2017 - 01.2019

Job overview

  • Participated in the Ethisphere certification project - The Most Ethical Companies in the World. First Brazilian Telecom to get this certification;
  • Conducted the Risk Assessment project prior to implementing the corporate Compliance program, including Data and Privacy Protection - Legal and Technology;
  • Conducted, with an office specialized in Compliance, the recurring Integrity and Data Risk Assessment activities of the Group’s subsidiaries;
  • Direct focal point for company executives (Compliance Champions) and Compliance department;
  • Assisted in creating and periodically reviewing the risk map of Compliance department together with Audit team;
  • Consolidated and revised Integrity indicators for periodic submission to headquarters.

Brazilian Air Force

Independent Consultant
08.2014 - 08.2016

Job overview

  • Creation and management of Business Continuity and Information Security policies, with ISO/IEC 27001 and 22301, ITIL, COBIT and international standards as the main references, respecting the current legislation of each country;
  • Elaboration and dissemination of awareness programs in Crisis Management and Business Continuity for Officials of all levels;
  • Elaboration of crisis management plans: World Cup / 2014 and Olympics / 2016;
  • Creation of several controls adopted to prevent leakage of confidential information.

Banco Itaú S.A.

Senior Business Continuity Analyst
11.2011 - 10.2013

Job overview

  • 2 years of experience in developing disciplines of Business Continuity Management, such as: Risk Assessment, Emergency Plans, Business Impact Analysis (BIA), Business Continuity Plans (BCP), and Crisis Management;
  • Familiarity with the financial sector (Commercial Banks, Wholesale, Investment, Brokerage);
  • Development of international projects of Business Continuity on business offices in the USA, Caribbean, Asia and Europe;
  • Development of internal policies, based on standards of business continuity management (ISO-22301, BS-25999, NBR-15999);
  • Coordination of several contingency simulations (Disaster Recovery Plan), with transaction processing on an alternative data center to meet regulations for financial institutions, such as Basel, the Central Bank of Brazil (BACEN, in Portuguese), Brazilian Financial and Capital Markets Association (ANBIMA, in Portuguese), the Securities Commission of Brazil (CVM, in Portuguese), and the Superintendence of Private Insurance (SUSEP, in Portuguese);
  • Management of the availability of IT services (market methodologies study - Cobit, ITIL - to manage changes, incidents, and problems);
  • 2 years of experience in coordinating IT projects resulting from M&As, such as data center migrations (BankBoston, Orbitall, Unibanco);
  • Development and Management of Information Security policies, Crisis Management and Business Continuity in Brazil and abroad, with ISO/IEC 27001 and 22301, ITIL, COBIT, SOX and PCI DSS as the primary references.

Banco Itaú S.A.

Senior Information Security Analyst
06.2006 - 11.2011

Job overview

  • Development of the website http://www.itau.com.br/seguranca/ for awareness of customers - Focus on reducing the number of bank frauds;
  • Training and awareness of staff in Brazil and abroad (Chile, Argentina, Japan, China, Bahamas, Cayman, and the USA) having as target executives and specific areas in the disciplines of Information Security, Crisis Management and Business Continuity;
  • Control of projects based on market standards such as CMMi, PMBOK, ITIL, and COBIT;
  • Information Security Project as a Competitive Advantage - development of various controls used by large global banks in preventing information leakage. Objective: To have a simple and objective corporate vision of the risks involving critical information to business and clear rules for handling such information from its origin to its disclosure.
  • 1. Logical Accesses
      • Encryption on the local disk in corporate equipment;
      • Document printing through login and password with a record of what was printed;
      • Pen drive and CD/DVD burner blocked on corporate equipment;
      • Smartphones - Free to use with restrictions and controlled through the use of password, automatic reset for access to the device, and encryption on the storage, remote data disposal in case of theft or unsuccessful access attempts;
      • Permission to remote access only with corporate equipment;
      • Prohibition of third party and service providers access to the production environment and BI;
      • Access granted in an automated manner and based on "function profile" building profiles according to the activities performed by the employee;
      • Periodic review of access to network folders and critical systems.
  • 2. Policies
      • Development of sectorial policies more restrictive for areas that handle confidential information - rules about telephone recordings, shielding the meeting rooms, controlled access, restrictions on the use of personal mobile phone in the workplace.
  • 3. Internet / E-mails
      • Use of encryption in the transit (internal and external) of messages via email;
      • Monitoring emails containing customer information (credit card, customer base, employees) - exceptions approved by director or superintendent of the area in charge.
  • 4. Physical Access
      • Control of physical access for certain environments;
      • Telephone recording system.
  • 5. Awareness
      • More Safety Program - Training of technical staff and awareness of employees regarding ethical and safe handling of confidential information, especially customer data protected by bank secrecy.

Credicard S.A.

Management Information Analyst
07.2001 - 07.2006

Job overview

  • Preparation of management reports to supply the board in making decisions;
  • Negotiating and managing contracts and IT projects;
  • Analysis of contract drafts and corporate procedures (preparation, risks and approvals);
  • Preparation and control of internal regulations.

Education

Faculdades Metropolitanas Unidas (FMU)

Bachelor of Laws

Escola Paulista de Direito (EPD)

Postgraduate in Corporate Law and Compliance

Maastricht University

Master's Degree in Data Protection, Cybersecurity and Data Management

Skills

  • Strategic planning
  • Cross-functional collaboration
  • Operations management
  • Cross-functional team coordination
  • Troubleshooting and problem resolution
  • Data-driven decision making
  • Budget oversight
  • Budget administration

Languages

English – Advanced (Conversation and writing).
Spanish – Intermediate (Conversation and writing).

Accomplishments

Experienced in leading and scaling global privacy programs with a focus on automation, operational efficiency, and cost reduction. Proven track record in deploying and optimizing privacy tools across regions, minimizing manual processes and enhancing compliance. Key areas of expertise include consent and preference management, cookie compliance, AI and privacy-by-design in product development, data discovery, PIA, TIA, DSAR management, TPRM, and data mapping. Successfully implemented integrated solutions to support global regulatory requirements and drive measurable impact.

OTHER QUALIFICATIONS

  • CIPP/E; CIPM; CDPO and FIP certified by the International Association of Privacy Professionals (IAPP);
  • ECPC-B. Professional DPO Certification from Maastricht University;
  • Member of the New Technologies and Data Protection Committee from the São Paulo Lawyers Institute (IASP);
  • Member of DPO’s and CISO’s Work Group from The Federation of Industries of the State of São Paulo (FIESP);
  • Additional skills: Proficient writer, communicative with good interpersonal skills, a team player, leadership, initiative, ability to delegate tasks, willingness to act in different roles and willing to travel.

Training

  • How to Prepare for Lawsuits and Strategic Litigation Regarding the LGPD – Data Privacy Brasil
  • Data Protection and Reputation: How to Protect Corporate Branding in the Event of Data Breaches – Data Privacy Brasil
  • How to Comply With the LGPD using Artificial Intelligence? – Data Privacy Brasil
  • Applied Digital Law – Fundação Getúlio Vargas;
  • Protection of Personal Data and Privacy – Data Privacy Brasil;
  • Law, Internet and Democracy – Instituto de Tecnologia e Sociedade (ITS);
  • General Data Protection Regulation (GDPR) – Opice Blum Academy;
  • Security Officer, Modulo Certified Security Officer I - Education Center Module;
  • Security Officer, Modulo Certified Security Officer II - Education Center Module;
  • BS7799 Lead Auditor (BS7799-2:1999) - BSI;
  • 27001 and 27002 SGS Practice Code and Requirements - Brazilian Association of Technical Standards (ABNT, in Portuguese)
  • Lead Auditor in Information Security ISO 27001 - Education Center Module;
  • Cyberlaw - FEBRABAN;
  • Managing IT Projects - Banco Itaú;
  • How to obtain Efficiency in Project Teams - Fundação Getúlio Vargas;
  • Project Management Drills - Fundação Getúlio Vargas;
  • Presentation Techniques - Banco Itaú;
  • Communicating: How to speak in Public - Banco Itaú;
