Senior Privacy Counsel, DPO

Summary

Join UNiDAYS as a Senior Privacy Counsel and lead the global privacy program. Serve as the registered Data Protection Officer (DPO), advising on data risks and obligations. Lead privacy governance and compliance, ensuring privacy is embedded in products and partnerships. Advise on product development, draft contracts, manage privacy documentation, and handle data subject requests. Monitor global regulatory developments and deliver employee training. Report regularly to the Board. This role requires a qualified solicitor with 8+ years PQE and in-house experience in a global tech-enabled business. The position blends strategic advice, operational delivery, and stakeholder engagement.

Requirements

• Qualified solicitor in England & Wales with a minimum of 8 years PQE, including training at a leading law firm
• In-house legal experience at a global, tech-enabled media or online services business
• Expert knowledge of UK and EU privacy law (UK GDPR, GDPR) and a solid grasp of other global frameworks (CCPA, LGPD, CPRA, etc.)
• Experience providing legal advice at the intersection of product development, commercial strategy, and data regulation
• Strong commercial contract negotiation skills and familiarity with data processing and security terms
• Comfort operating independently, managing legal risk, and interacting with cross-functional senior stakeholders and regulators
• Experience using privacy OneTrust to support scalable, automated compliance
• Excellent written and verbal communication skills, with the ability to distil legal complexity into business-relevant insight
• A hands-on, low-ego team player who thrives in a fast-moving, high-autonomy environment

Responsibilities

• Serve as UNiDAYS’s registered Data Protection Officer, providing independent oversight of our global data protection programme and advising on data risks and obligations
• Lead our privacy governance and compliance frameworks across all global markets, driving adoption of best practices across product, operations, and marketing
• Advise on product development and feature design from early stages through to launch, ensuring privacy is embedded by design and default
• Draft, negotiate and maintain privacy-related contract terms, including data processing agreements, security addenda and international transfer mechanisms
• Manage privacy documentation, including our Records of Processing, data protection policies, cookie notices, and vendor assessments
• Handle data subject requests (SARs), privacy complaints, and regulatory queries with confidence and care
• Own incident response processes in partnership with InfoSec, including breach assessments and reporting
• Deliver engaging privacy training to employees across the business and act as a trusted privacy ambassador across functions
• Monitor global regulatory developments (GDPR, CCPA, CPRA, LGPD, etc.) and translate them into actionable guidance for the business
• Use tools like OneTrust to streamline workflows and support efficient, scalable privacy operations
• Report regularly to the Board on data protection risks, incidents and strategic developments

Preferred Qualifications

CIPP/E, CIPM, or similar privacy certification is a plus

Benefits

• 25 days holiday per year increasing with length of service, plus flexible bank holidays
• Competitive salaries
• 4pm finishes every Friday
• Company bonus scheme
• Company pension scheme
• Private health insurance (BUPA)
• Income protection policy
• Life assurance policy
• Employee Assistance Program
• Enhanced parental leave pay
• Core hours with flexibility around how/when you manage your time
• Regular team building activities
• The latest tech and hardware will be supplied from day one
• Support for home working for all new team members. We will help assess your home set up and you can expense £150 towards any additional furniture you may need to be safe and comfortable when working from home