Nara Lilly
Newark,Delaware
Summary
Data Privacy and Protection - GRC My expertise lies in bridging the gap between legal frameworks and operational realities , ensuring organizations operate ethically and securely in today 's data -driven world . Experienced Data Privacy Protection Professional (legal/ops) with a comprehensive background in ensuring regulatory compliance . Proficient in crafting data privacy policies and DPA/ contracts, conducting risk assessments, and driving cross-functional collaboration to mitigate privacy risks.
Overview
16
16
years of professional experience
1
1
Certification
1
1
Language
Work History
Senior Data Privacy and Protection Analyst
RD Station
01.2021 - Current
- Spearheaded development and execution of comprehensive data privacy compliance programs, meticulously aligning with General Privacy Law (LGPD), GDPR, CCPA, and other pertinent regulations, resulting in 85% compliance rate across all applicable laws
- Conducted comprehensive risk assessments, including Privacy Impact Assessments (PIAs) and
- Data Protection Impact Assessments (DPIAs), proactively identifying potential privacy risks and formulating actionable mitigation strategies, leading to remarkable 70% reduction in privacy- related risks
- Crafted and maintained data privacy policies, standards, and procedures, achieving strict alignment with legal requirements and industry best practices.
- Proficiently drafted, reviewed, and negotiated complex contracts and data protection agreements with third-party entities, strategically mitigating privacy risks and liabilities
- Developed and delivered cutting-edge privacy training programs, awareness campaigns and initiatives for employees at all organizational levels, fostering pervasive culture of privacy awareness and compliance
- Led responses to privacy incidents, resulting in minimizing legal exposure and preserving reputation
- Led operational data protection efforts, overseeing DSARs, Data Mapping, and integrating Privacy by Design principles, streamlining processes for increased efficiency and compliance.
- Developed and implemented data governance policies and procedures.
- Developed complex dashboard and reporting tools to track business performance metrics.
Data Protection Officer and Compliance Officer
Méliuz S/A
01.2018 - 01.2021
- Led strategic creation and successful implementation of robust data privacy compliance initiatives, expertly harmonizing with General Privacy Law (LGPD), GDPR, CCPA, and relevant regulatory frameworks
- Achieved impressive 78% compliance rate encompassing all pertinent legislation
- Conducted thorough risk evaluations, encompassing Privacy Impact Assessments (PIAs) and Data
- Protection Impact Assessments (DPIAs), consistently anticipating and addressing potential privacy vulnerabilities
- Spearheaded actionable risk mitigation strategies, resulting in outstanding 75% reduction in privacy-related risks
- Developed and implemented privacy policies, standards, key metrics, procedures, and providing actionable insights for enhanced data protection
- Resulting in 2.5x increase in operational efficiency, comprehensive data privacy compliance programs
- Education
- Skills
- Compliance and Privacy Consultant Lawyer , Cesnik Quintino e Salinas Advogados
- Orchestrated successful implementation of robust privacy programs, ensuring strict compliance with regulatory agencies, and delivering remarkable 70% enhancement in data protection measures
- Implemented robust compliance, and privacy programs for clients in highly regulated sectors, resulting in enhanced operational efficiency and reduced regulatory risks
- Evaluated impact of emerging privacy regulations on client programs, offering strategic adaptation and compliance recommendations.
- Oversaw security policy management framework and departmental security policies using policy lifecycle approach
- Conducted security audits to identify vulnerabilities
Legal and Compliance Director
Brazil Communications Company S.A
04.2008 - 11.2016
- Strategically aligned compliance program with anti-corruption laws, achieving 80% reduction in violations and 75% decrease in legal penalties over three years
- Generated and executed comprehensive internal control reports, resulting in 90% increase in issue identification and 85% improvement in audit outcomes for Risk and Audit Steering Committee
- Pioneered introduction of Denunciation Channel, driving 50% increase in reported ethical concerns within first year, highlighting organization's commitment to transparency and ethical behavior
- Efficiently conducted Due Diligence for suppliers, leading to 65% reduction in high-risk vendor relationships and 100% cost savings in procurement
- Managed risk across compliance, strategic, and operational domains, contributing to 60% reduction in compliance incidents and fostering culture of resilience and integrity.
- Oversaw internal and external registration as well as training audits.
- Raised operational quality with development, implementation and management of robust internal controls.
- Implemented effective compliance policies and procedures to meet regulatory requirements.
- Prepared and presented comprehensive reports to upper management and audit team, covering issues and recommendations.
- Developed compliance training initiatives and materials, educating staff on regulations.
Education
Bachelor Degree of Law -
Pontifícia Univ. Católica De Goiás
MBA - Cyber Security
SENAC SP
07.2024
MBA - Big Data & Analytics
FMUSP
12.2022
Skills
- NIST Privacy Framework
- NIST Cybersecurity framework
- One Trust, Security AI
- Staff Management
- Negotiation
- Budgeting
- Team building
- Legal writing
- Investigation skills
- Document review
- Policy analysis
- Internal Audits
- Risk analysis
- Compliance documentation
- Strategic planning
- Analytical and Critical Thinking
Accomplishments
- Post-graduation in Data Science and Big Data Analytics, FMU
- Ongoing
- Strategically aligned compliance program, through policy and procedure reviews, with Brazilian and international anti-corruption laws, achieving an 80% reduction in violations and a 75% decrease in legal penalties over three years
- Generated and executed comprehensive internal control reports for the Risk and Audit Steering
- Committee, leading to an impressive 90% increase in the identification of potential issues and a improvement in audit outcomes
- Pioneered the successful introduction of the Denunciation Channel, resulting in a 50% increase in reported ethical concerns within the first year, demonstrating the organization's commitment to transparency and ethical behavior
- Skillfully facilitated Due Diligence procedures for suppliers and service providers, resulting in a reduction in high-risk vendor relationships and a 75% cost-saving in procurement processes
- Post-graduation in Information Security, SENAC
Certification
Certified ISO/IEC 27701 - Lead Implementer for Privacy Information Management System
(PIMS)
Certified ISO/IEC 37301 - Lead Implementer for Compliance Management Systems (CMS)
Timeline
Senior Data Privacy and Protection Analyst
RD Station
01.2021 - Current
Data Protection Officer and Compliance Officer
Méliuz S/A
01.2018 - 01.2021
Legal and Compliance Director
Brazil Communications Company S.A
04.2008 - 11.2016
Bachelor Degree of Law -
Pontifícia Univ. Católica De Goiás
MBA - Cyber Security
SENAC SP
MBA - Big Data & Analytics
FMUSP
Similar Profiles
Ana Carolina MendesAna Carolina Mendes
Business Analyst at RD StationBusiness Analyst at RD Station
Marcos BritoMarcos Brito
Software Engineering Team Leader at RD StationSoftware Engineering Team Leader at RD Station
Luis Felipe MattosLuis Felipe Mattos
Software Engineer at RD StationSoftware Engineer at RD Station
Eric Ayala-OrtizEric Ayala-Ortiz
Church Volunteer at Holy Angels SchoolChurch Volunteer at Holy Angels School
Henry CowellHenry Cowell
AFSO/Logistics Coordinator/Machine Operator at Oceanport LLCAFSO/Logistics Coordinator/Machine Operator at Oceanport LLC