Pipefy reaches high maturity level for LGPD and security frameworks with OneTrust


Pipefy is a maker of workflow management software that empowers managers to organize and control their activities in a single place, which allows everyone in the organization to automate and streamline any process on their own, without the need for programming skills. The platform allows teams such as Finance, HR, Customer Service, among others, to have more control over their operations, connecting departments, centralizing requests, and contributing to a better view of processes.

Founded in 2015, Pipefy is used in more than 215 countries by more than 3,000 customers, including leading companies such as Visa, IBM, Coca-Cola and Volvo, and many Brazilian companies such as Magalu, FIEC, Chiquinho Sorvetes, among others.

Cainã Gomez, Head of Governance, Risk and Compliance at Pipefy, explains that the company has chosen as a starting point the simplification and automation of numerous processes, including HR Requests, IT Requests, Expense Reimbursement, Maintenance Requests and more.

The search for a solution that unites privacy, security, and governance

As a global company, Pipefy must comply with a variety of privacy regulations and security frameworks. According to Cainã, the Brazilian team was growing rapidly, and it became evident that they needed a solution that could help them structure security deliveries and vendor administration.

“We always follow security and data protection best practices. And we urgently needed a strategic partner to help us quickly automate all privacy, security and data governance workflows,” said Cainã.

OneTrust was the first name that came to mind. Pipefy sought out OneTrust, a global benchmark in implementing central and agile workflows across privacy, security, data governance, GRC, third-party risk, ethics and compliance, to assist with these challenges.

“We needed a complete solution, it wasn’t something we would develop internally. And at Pipefy we thought: if we can’t do it alone, we’re going to hire the best. We were well-served from start to finish. And we continue to be well served,” said Cainã.

Bringing privacy and security to Pipefy

Pipefy has acquired OneTrust’s Privacy and GRC solution modules to comply with LGPD and GDPR and with the SOC 2 and ISO security frameworks, including:

  • Data Mapping: to keep an always-up-to-date map of complete data flows and processing records. 
  • PIA & DPIA Automation: to help identify and guide the use of personal information across the organization. 
  • Privacy Rights Automation (DSAR): to automate requests from receipt to fulfillment and meet LGPD deadlines.
  • Cookie Consent: for the creation of the geo-specific cookie banner and cookie policy.
  • Consent and Preference Management: to collect, centralize, and sync consent across domains, platforms, and systems to respect customer privacy and comply with LGPD.
  • Mobile App Consent: to understand the tracking done in mobile apps and deliver transparent and tailored user experiences to capture valid consent.
  • Digital Policy Management: for the creation, management and distribution of business policies throughout the organization. 
  • Vendor Risk Management: for vendor management, risk assessment and mitigation, controls and contracts registration, data flows mapping and threat monitoring. 
  • Audit Management: to transform the audit process into a centralized dynamic measure. 
  • Ethics Policy Management: for the creation, management, and distribution of corporate policies throughout the organization. 
  • Maturity and Benchmarking: to perform LGPD and GDPR maturity level assessments and comparative analysis with other organizations. 
  • Privacy Incident Management: to document incidents, understand whether they result in a breach, analyze harm to individuals and determine whether a notification to data subjects is required.
  • Privacy Training: to provide training to everyone in the organization for greater awareness and safety.

“We wouldn’t have time to develop a platform or internal processes for certifications to be achieved. OneTrust helped Pipefy a lot in managing these processes. We have a high level of maturity achieved for the LGPD,” said Cainã.

“At every step we take together, the return on investment is excellent, especially evaluating everything that was previously done manually that we are now able to automate with OneTrust,” said Cainã.