The role

We are looking for a highly experienced and proactive Senior Data Protection Counsel to join our data protection team on a fixed-term basis. This is a key role supporting the Data Protection Officer and working closely with our Data Protection Program Manager and broader legal and compliance teams.

You'll play a central role in driving data protection governance across the group, while also supporting day-to-day legal and operational matters. We're looking for someone who thrives in a fast-paced, collaborative environment and is confident advising stakeholders independently.

What you will do

• Provide strategic and practical data protection advice to global stakeholders, primarily in the EU, UK, and Australia.
• Support group-wide data protection governance initiatives, including risk management, RoPA, and policy implementation.
• Partner with the Data Protection Program Manager to strengthen governance, risk tracking, and program execution.
• Contribute to the development and continuous improvement of our data protection framework, standards, and internal processes.
• Advise on GDPR and other applicable data protection laws, with a focus on embedding data protection by design in new products and projects.
• Draft and review data protection agreements, privacy notices, terms of service, and international data transfer arrangements.
• Work with procurement, Security, and IT to assess vendor data protection risks and support due diligence.
• Support data protection risk assessments, audits, and internal data mapping efforts.
• Help investigate and manage data breaches and regulatory queries, including DSRs and complaints.
• Collaborate with internal stakeholders across Legal, Compliance, Information Security, and Audit.
• Contribute to training and awareness activities across the group.
• Support the implementation of data protection tooling (e.g. OneTrust) and contribute to broader transformation efforts.
• Ensure that you adhere to the Governance, Risk & Compliance (GRC) obligations for your role.
• Identify and raise any non-compliance incidents promptly to your line manager.
• Challenge processes, policies and projects that will negatively impact compliance within the Group.
• Complete all mandatory compliance training assigned to you.
• Reach out to the Compliance Teams if unsure of any of your compliance obligations or the requirements are unclear.

Your experience

• Qualified lawyer with at least 6 years' experience in data protection law, including strong knowledge of the GDPR and UK GDPR.
• Demonstrated experience working in a cross-functional data protection team, ideally in a regulated or technology-driven industry.
• Experience contributing to or leading data protection transformation or tooling implementation projects is a strong advantage.
• Industry experience in sectors such as online services, gaming, technology, or financial services is beneficial.
• Tech-savvy, with a good understanding of digital products and data flows. Experience with data protection software (e.g. OneTrust) is a strong plus.
• Excellent communication and relationship-building skills.
• Able to manage workstreams independently and provide business-oriented, risk-based advice.
• Fluent in English (written and spoken); additional languages are a bonus.
• A data protection certification (e.g., CIPP/E, CIPM) is an advantage.