Trustly

Senior Privacy Counsel

Trustly

full-time

Posted on:

Location Type: Hybrid

Location: LondonUnited Kingdom

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

About the role

  • Work closely with Product Counsel across the EU and UK region, serving as the specialist privacy adviser on complex privacy matters, regulatory queries, and high-risk data processing activities.
  • Develop and execute Trustly's privacy and data protection strategy for the EU and UK region, ensuring compliance with GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across EU member states.
  • Provide specialist, in-depth privacy advice, ensuring complex privacy issues are resolved effectively.
  • In collaboration with the wider Privacy & DPO Team, implement and adapt Trustly's global privacy framework to ensure compliance with EU and UK requirements.
  • Conduct and oversee privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) for new products, services, features, and business initiatives.
  • Provide specialist privacy by design guidance to Product Counsel for embedding into product and engineering workstreams as required.
  • Manage data subject rights requests and handle data disclosure requests from law enforcement authorities, ensuring timely and compliant responses.
  • Lead privacy breach preparedness and incident response efforts for the EU and UK region, including developing incident response plans, coordinating breach investigations, and managing regulatory notifications.
  • Monitor legislative and regulatory developments affecting privacy and data protection in the EU and UK, providing timely analysis and recommendations to senior leadership.
  • In collaboration with the Global DPO, manage engagements with privacy regulators in the EU and UK, including the Information Commissioner's Office (ICO), European Data Protection Board (EDPB), and national data protection authorities across EU member states.
  • Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.
  • Develop and maintain privacy documentation, including data inventories, records of processing activities, and privacy compliance registers.

Requirements

  • Law degree (LLB, LLM, or equivalent) and qualified solicitor, barrister, or equivalent legal qualification in an EU member state or the UK, with 7-10 years of experience as a privacy lawyer at a technology company, including strong training at a reputable law firm.
  • Proven experience in a consumer-facing environment, with deep understanding of consumer privacy expectations and regulatory requirements in the FinTech or payment services sector.
  • Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.
  • Deep expertise in EU and UK privacy laws and regulations, including GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across EU member states, with the ability to advise on novel and complex EU and UK privacy issues without external support.
  • Experience advising on cross-border data transfers using standard contractual clauses, adequacy decisions, binding corporate rules, and other transfer mechanisms.
  • Experience handling data subject rights requests and data disclosure requests from law enforcement authorities.
  • Experience implementing privacy by design and data protection by default principles and working closely with Product and Engineering teams to embed privacy into technology development, with excellent legal drafting skills for privacy policies, notices, consent mechanisms, data processing agreements, and controller-processor agreements.
  • Entrepreneurial and creative by nature with a bias for action, strong project management skills to manage multiple complex privacy initiatives simultaneously, and proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.
  • Exceptional interpersonal and communication skills with the ability to explain complex legal issues in simple terms, strong understanding of international privacy frameworks, and experience managing data breach incidents including regulatory notifications to supervisory authorities.
  • Relevant professional privacy certifications (e.g., CIPP/E, CIPM, CIPT) are highly desirable.
  • Willingness to work flexible hours to collaborate with global privacy team members across different time zones and travel occasionally for meetings.
Benefits
  • 20 to 30 days of holiday to support a healthy work-life balance
  • Monthly team outing allowance to enjoy social events with your colleagues
  • Parental leave top-up additional support for new parents
  • On-site perks to make your workday smoother
  • Well being support our health allowance covers gym memberships, massages, and much more to help you feel your best
  • Additional benefits designed to enhance your work-life experience!
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
GDPRUK GDPRData Protection Act 2018ePrivacy Directiveprivacy impact assessmentsdata protection impact assessmentsprivacy by designdata processing agreementscross-border data transferslegal drafting
Soft Skills
project managementinterpersonal skillscommunication skillscollaborationproblem-solvingcreativitybusiness-oriented adviceability to explain complex issuesentrepreneurial mindsetbias for action
Certifications
CIPP/ECIPMCIPT