Global Data Protection & Technology Counsel

About The Position

Requirements

• Qualified lawyer (UK or equivalent) with strong experience in privacy/data protection (minimum 5–7 years PQE preferred, but flexible based on experience).
• Deep understanding of UK GDPR, EU GDPR, and global privacy trends.
• Demonstrated experience advising on data‑protection issues within a consumer‑facing, digital, or technology‑enabled environment.
• Strong track record working with or within technology, product, e‑commerce, or innovation teams.
• Hands‑on experience with compliance frameworks, data‑governance processes, DPIAs/PIAs, vendor assessments, and incident response.
• Excellent communication skills and ability to translate complex privacy concepts into actionable business guidance.
• Ability to work autonomously in a fast‑paced environment and manage competing priorities across multiple jurisdictions.

Nice To Haves

• Experience in the art market, luxury sector, or other regulated/high‑value transaction industries.
• Familiarity with cybersecurity requirements and tech‑risk governance.
• Experience supporting global or multi‑regional organisations.
• Hands‑on experience with data‑mapping, privacy‑operations tools, and digital‑product lifecycles.

Responsibilities

• Data Protection & Privacy Advice
• Serve as the organisation’s primary subject‑matter expert on global privacy and data protection laws (including UK GDPR, EU GDPR, and other relevant regimes).
• Provide clear, practical, business‑focused legal advice on data collection, use, sharing, international transfers, data retention, and lawful bases.
• Advise on privacy implications of digital products, customer‑facing technologies, CRM systems, online payment solutions, AI‑enabled tools, and other emerging technologies.
• Privacy Governance & Compliance
• Lead the ongoing enhancement of data‑protection compliance frameworks, policies, procedures, and training globally.
• Oversee DPIAs, LIAs, TIAs and other privacy assessments for new tools, platforms, and business processes.
• Maintain and improve Records of Processing Activities (RoPA) and support ongoing audits and compliance reporting.
• Manage responses to data subject rights requests across multiple jurisdictions.
• Advise on and coordinate incident response and data‑breach management.
• Technology, Digital & e‑Commerce Enablement
• Partner with Technology and Product teams on platform upgrades, data‑architecture changes, and new digital features to ensure compliance is “built in”.
• Support e‑commerce expansion, marketing initiatives, and customer‑journey improvements with guidance on cookies, tracking, online consent management, and profiling.
• Support procurement and vendor‑management teams on tech‑related contracts, including DPAs, information‑security schedules, and cloud‑services agreements.
• Cross‑Functional Collaboration
• Work closely with global business units to ensure consistent privacy standards and support local privacy needs.
• Collaborate with Security, Operations, Marketing, HR, and regional teams to implement privacy controls and embed good data‑governance behaviours across the company.
• Provide training and awareness sessions tailored to business functions and risk profiles.
• Strategic Input & Transformation Support
• Advise the General Counsel and senior leadership on privacy risks and requirements associated with major digital‑transformation projects.
• Contribute legal insight to data‑strategy planning, information‑management initiatives, and technology‑driven customer‑experience enhancements.
• Support the development of scalable global processes and tools that reduce friction, strengthen compliance, and future‑proof the organisation’s data‑governance framework.

Benefits

• 28 days holidays (including Bank Holidays), increasing to 33 with service
• Healthcare