Today I decided to share a different kind of post. I was at a business lunch last weekend when someone asked me, “How did you get started in privacy?”

It's the kind of question that makes you pause for a second. With over 8 billion people in the world, I highly doubt any kid ever said, “I want to be a privacy analyst, Miss Helena!”

Before I dive into the story, how about subscribing to this humble newsletter?

Let me start by saying I’m not a privacy analyst. I never was, and I won’t be. There are millions of professionals around the world doing the real work on the front lines to protect this fundamental right. What I do is work to make their lives easier.

It was 2015. The first company I co-founded with my business partner, Aline Deparis, was doing really well. But entrepreneurs are rarely satisfied with just one business. Where there's opportunity and demand, we look for solutions, especially in the digital world.

At the time, I started diving into a hot topic: Blockchain.

I got certified, studied deeply, and became a Hyperledger specialist just as it was launched by the Linux Foundation. I built several federated blockchain networks for different companies experimenting with the technology. I got into Ethereum, not just the cryptocurrency, but the development of smart contracts. I published a few contracts, some of which worked, some didn’t.

I spent nearly two years experimenting with emerging technologies and trends, but still didn’t have a business case that truly made sense to us or felt familiar.

Then, sometime between 2016 and 2017, we got an opportunity to work on a federated identity project using blockchain, in partnership with a Swiss company. That’s how Trubr.com was born.

Trubr was a Brazilian startup that ran for two years, from 2016 to 2018. Our goal was to create a digital identity for citizens of a country. We tried to pitch it to the governments of at least three countries, but things didn’t work out and we shut it down.

It’s never easy to shut down a startup. As my partner likes to say, we “failed at 1000 km/h.”

Looking back, I truly believe we were too early. Even now, eight years later, digital identities still aren’t a reality in most countries, and very few (if any) are using blockchain and ZKPs properly. In fact, I can’t name a single one.

Still, every experience teaches you something. You always take something home.

To work with digital identity in European countries, a key requirement was ensuring privacy for EU citizens. And guess what? In 2016, the GDPR had just been published and was set to go into effect two years later, in 2018.

But as we say around here, “once bitten, twice shy.”

We weren’t about to start a new business right after shutting one down, letting go of people, ending partnerships... it’s not something you bounce back from overnight.

In 2018, we flew to Orlando to attend Gartner Symposium. We wanted to spot trends, discover new businesses, and get ahead of what could work in Brazil in the coming years.

We met over 200 companies, startups, long-established businesses, and many that were just beginning their journey in privacy and data protection.

The message was clear: this was going to be a global trend, not limited to the EU.

We already knew the GDPR well, and we agreed. But when would a similar law be passed in Brazil?

Who would invest in a startup built to serve a demand that didn’t exist yet in its own country?

Should we try again in the European market? How many Brazilian startups actually succeed in Europe without millions of euros in investment and heavyweight connections?

It felt like mission impossible. But once again, with my business partner, we came back determined to build the best privacy management software for companies, something that didn’t exist in Brazil but we believed would soon be needed.

We started building Privacy Tools. Less than six months later, KABOOM, Brazil launched the LGPD (General Data Protection Law), which came into force in 2020.

Since then, it’s been six years of battles, hustle, sweat, and hard work to position our startup as the national leader in the sector, something I’m incredibly proud of.

Yesterday, we celebrated six years of a team that’s shaping the future of privacy in Brazil and, starting in 2026, the rest of the world. Get ready!

What? Were you expecting an Oscar-worthy story? Ha, I thought it was pretty cool. Maybe not an Oscar, but a Golden Globe? That’s fair, right?

Of course, I had to study a lot to truly support our clients. I earned several certifications, but nothing compares to the real-world experience of implementing privacy programs from the ground up. I’ll admit that over the past two years, maybe a bit less, I’ve been stepping away from day-to-day operations. But in the beginning, it was all-out guerrilla mode to make things work. No certificate from IAPP, Exin, or whoever can compare to that hands-on learning.

Only those who’ve stood in the middle of the coliseum will know what I mean.

Academia doesn’t even come close to the real challenges of training people, selling privacy in a market that barely knows what it is, building software that actually solves problems instead of just doing some “privacy washing” like many tools out there. It’s a battle, but one that comes with its rewards.

This year, I launched a book on Amazon called Privacy for Software Engineers, where I tried to pour all that experience into something useful for IT teams, because at the end of the day, they’re the ones who make the magic happen in any privacy program (unless your company isn’t digital... does that even exist?).

What about you? What was your journey like?

Did you enjoy this kind of post? Real world, real life as it is.

See you next time!

PS: To keep this post extra real, I’m not even going to proofread it like I usually do … so pardon any grammar or typing errors, it was all off the cuff hahah.