Privacy Counsel, EU/UK

Support the execution of Trustly's privacy strategy for the EU and UK region, ensuring compliance with the EU GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across EU member states.

Conduct privacy impact assessments and DPIAs for new products, services, features, and business initiatives.

Provide practical, business-focused legal advice on privacy matters to internal stakeholders.

Advise on data subject rights requests (including rights to access, erasure, portability etc).

Support privacy breach preparedness and incident response efforts for the EU and UK region, including contributing to incident response plans, coordinating breach investigations, and managing notifications to supervisory authorities and communications to data subjects.

Advise on and support the negotiation of data processing agreements, data transfer mechanisms (including standard contractual clauses, adequacy decisions, and other transfer tools), and privacy terms with vendors, partners, and customers.

Monitor legislative and regulatory developments affecting privacy and data protection in the EU and UK, including tracking national implementations of EU directives and regulations, providing timely analysis and recommendations to senior leadership.

Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.

Develop and maintain privacy documentation, including records of processing activities, legal advice notes and privacy compliance registers.

Support privacy-related audits, assessments, and due diligence activities.

Law degree (LLB, LLM, or equivalent) and qualified solicitor, barrister, or equivalent legal qualification in an EU member state or the UK.

Minimum of 3-5 years of experience as a privacy lawyer (including demonstrated experience advising on GDPR, UK GDPR, and national data protection laws).

Demonstrated experience in the FinTech or the payment services sector, with knowledge of the unique privacy challenges and regulatory landscape affecting payments and financial technology companies would be a bonus.

Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.

Demonstrated experience handling data subject rights requests and data disclosure requests from law enforcement authorities.

Strong knowledge of EU and UK privacy laws and regulations, including GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across the EU

Experience advising on cross-border data transfers, including standard contractual clauses, adequacy decisions, and other transfer mechanisms.

Relevant professional privacy certifications (e.g., CIPP/E, CIPM, CIPT) are highly desirable.

Strong interpersonal and communication skills and the ability to explain complex legal issues in simple terms.

Entrepreneurial and creative by nature, with a bias for action.

Strong legal drafting skills, with experience developing privacy policies, notices, consent mechanisms, data processing agreements, and controller-processor agreements.

Strong project management skills and ability to manage multiple complex privacy initiatives simultaneously.

Proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.

Experience managing data breach incidents, including regulatory notifications to supervisory authorities and communications with affected data subjects.

Strong analytical and problem-solving skills, with the ability to assess privacy risks and develop pragmatic solutions.

Willingness to work flexible hours to collaborate with global privacy team members across different time zones.