- Company Name
- Montu UK
- Job Title
- Data Privacy Counsel
- Job Description
-
Job Title: Data Privacy Counsel
Role Summary: Lead and enforce UK GDPR, DPA 2018, and PECR compliance for a digital health platform, integrating privacy by design into product, operations, and vendor relationships.
Expectations: • Own and continuously improve the privacy compliance framework. • Act as the UK privacy SME, translating regulations into actionable policies. • Serve as DPO for group entities and primary ICO liaison. • Foster a privacy‑first culture through training and clear guidance.
Key Responsibilities:
- Maintain core privacy artefacts (RoPA, policies, DPIA framework, retention schedules, cookie/marketing guidelines) and produce concise internal reports.
- Advise senior leaders and cross‑functional teams on privacy‑by‑design, data ethics, DPIAs, risk assessments, and pragmatic controls for telehealth, patient portal, prescribing, and pharmacy systems.
- Draft, review, and negotiate DPAs, data‑sharing agreements, and privacy/security provisions in commercial contracts.
- Conduct vendor due diligence, define controller/processor roles, and manage international transfer requirements, including TIAs.
- Serve as DPO for group companies and primary contact for the ICO on UK processing activities.
- Build and deliver privacy training, awareness programs, and user‑friendly guidance to support fast, compliant product development.
Required Skills:
- UK-qualified solicitor or barrister with 3–6 years PQE in privacy/data protection (in‑house or private practice).
- Deep knowledge of UK GDPR, DPA 2018, PECR, and handling special‑category health data in regulated settings.
- Proven experience designing or managing privacy compliance programmes (RoPA, DPIAs, policies, training, incident readiness).
- Strong drafting and negotiation skills for DPAs, data‑sharing agreements, and privacy/security clauses.
- Ability to work autonomously in a high‑growth, mission‑driven environment and influence technical and non‑technical stakeholders.
Required Education & Certifications:
- Qualified UK solicitor or barrister.
- Legal qualification and ongoing professional development in privacy/data protection.