Privacy Counsel

This is a fully remote position, open to applicants in United Kingdom.

📋 Description

• Implement an ***AI-First*** strategy by responsibly utilizing AI tools to enhance research quality, improve drafting efficiency, and streamline privacy assessment processes.

• Exhibit Change Agility by swiftly adapting to changing global privacy and AI regulations, modifying guidance as new risks, tools, or requirements arise.

• Employ ***First Principles Problem Solving*** to distill complex privacy issues, clarify assumptions, and offer clear, structured recommendations.

• Utilize ***Data-Driven Decision Making*** during Data Protection Impact Assessments (DPIAs) and related assessments, anchoring evaluations in evidence, criteria, and regulatory expectations.

• Assist the existing Privacy function with global privacy assessments, including DPIAs, AI DPIAs, Targeted Impact Assessments (TIAs), Legitimate Interest Assessments (LIAs), and other organized risk reviews.

• Evaluate new and existing product features, AI functionalities, and data practices as part of a privacy-by-design approach, identifying risks and opportunities early in the development process.

• Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to facilitate global sales and procurement efforts.

• Maintain and regularly update privacy contractual documentation along with internal templates and policies.

• Develop and deliver internal training sessions on privacy and AI governance.

• As part of the Privacy function, support internal and external privacy audits, collaborate with external advisors, and ensure alignment across business functions regarding assessment findings and remediation efforts.

• Track the evolution of privacy laws, case law, AI governance frameworks, and regulatory trends, sharing essential insights with stakeholders to uphold compliance and anticipate future requirements.

⛳️ Requirements

• A qualified lawyer (UK or EU) with GDPR experience and a minimum of 5 years PQE (a mix of in-house or private practice experience is acceptable). Impact is more important to us than years of experience; if you possess pertinent specialist knowledge, we encourage you to apply even if you do not meet the 5+ years criterion.

• Comprehensive understanding of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia).

• Experience in drafting and negotiating data processing agreements and addressing privacy-related matters in a global business environment.

• Demonstrated capability to manage data breaches, regulatory notifications, and privacy audits effectively.

• Exceptional communication skills, with the ability to convey complex legal concepts in a simplified manner for non-legal audiences.

• Strong grasp of AI technologies, their ethical implications, and associated legal frameworks.

• Outstanding analytical, problem-solving, and decision-making abilities, with a capacity to offer practical and strategic legal advice.

• Experience in utilizing privacy management systems such as OneTrust is mandatory.

• Ability to juggle multiple priorities and collaborate effectively across diverse teams.

• Comfortable working autonomously in a fast-paced, global setting.

🏝️ Benefits

• Health (medical, vision, dental), life, and disability insurance*

• Equity stock options

• Retirement plans

• Paid public holidays and unlimited PTO

• Paid maternity and parental leave

• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)

• Employee Assistance Program

• ***Eligibility may differ by country**