Senior Privacy Counsel, DPO

Summary

Join UNiDAYS as their Senior Privacy Counsel, leading their global privacy program and serving as their Data Protection Officer (DPO). This role requires a qualified solicitor with 8+ years PQE from a top-tier law firm and in-house experience at a high-growth digital business. You will advise on data risks, lead privacy governance, advise on product development, draft contracts, manage privacy documentation, handle data requests, and deliver employee training. The position involves close collaboration with various departments and reporting to the General Counsel and Board. The role offers remote work flexibility within the UK with occasional travel to London or Nottingham campuses. UNiDAYS is a Great Place to Work certified company.

Requirements

• Qualified solicitor in England & Wales with a minimum of 8 years PQE, including training at a leading law firm
• In-house legal experience at a global, tech-enabled media or online services business
• Expert knowledge of UK and EU privacy law (UK GDPR, GDPR) and a solid grasp of other global frameworks (CCPA, LGPD, CPRA, etc.)
• Experience providing legal advice at the intersection of product development, commercial strategy, and data regulation
• Strong commercial contract negotiation skills and familiarity with data processing and security terms
• Comfort operating independently, managing legal risk, and interacting with cross-functional senior stakeholders and regulators
• Experience using privacy OneTrust to support scalable, automated compliance
• Excellent written and verbal communication skills, with the ability to distil legal complexity into business-relevant insight
• A hands-on, low-ego team player who thrives in a fast-moving, high-autonomy environment

Responsibilities

• Serve as UNiDAYS’s registered Data Protection Officer, providing independent oversight of our global data protection programme and advising on data risks and obligations
• Lead our privacy governance and compliance frameworks across all global markets, driving adoption of best practices across product, operations, and marketing
• Advise on product development and feature design from early stages through to launch, ensuring privacy is embedded by design and default
• Draft, negotiate and maintain privacy-related contract terms, including data processing agreements, security addenda and international transfer mechanisms
• Manage privacy documentation, including our Records of Processing, data protection policies, cookie notices, and vendor assessments
• Handle data subject requests (SARs), privacy complaints, and regulatory queries with confidence and care
• Own incident response processes in partnership with InfoSec, including breach assessments and reporting
• Deliver engaging privacy training to employees across the business and act as a trusted privacy ambassador across functions
• Monitor global regulatory developments (GDPR, CCPA, CPRA, LGPD, etc.) and translate them into actionable guidance for the business
• Use tools like OneTrust to streamline workflows and support efficient, scalable privacy operations
• Report regularly to the Board on data protection risks, incidents and strategic developments

Preferred Qualifications

CIPP/E, CIPM, or similar privacy certification is a plus

Benefits

• 25 days holiday per year increasing with length of service, plus flexible bank holidays
• Competitive salaries
• 4pm finishes every Friday
• Company bonus scheme
• Company pension scheme
• Private health insurance (BUPA)
• Income protection policy
• Life assurance policy
• Employee Assistance Program
• Enhanced parental leave pay
• Core hours with flexibility around how/when you manage your time
• Regular team building activities
• The latest tech and hardware will be supplied from day one
• Support for home working for all new team members. We will help assess your home set up and you can expense £150 towards any additional furniture you may need to be safe and comfortable when working from home