Job Specifications
About The Role
Montu UK is hiring a Data Privacy Counsel to lead and elevate our privacy, data protection and information governance across the UK business. You’ll embed robust UK GDPR / DPA 2018 / PECR compliance into our telehealth clinic (Alternaleaf) and online pharmacy, enabling innovation while protecting patient trust.
This is a hands-on, high-impact role at the heart of a regulated digital health scale-up - partnering with Clinical, Pharmacy, Product/Engineering, Governance and Operations to make privacy practical, scalable and “baked in” from day one.
Key responsibilities
Compliance & governance
Own and improve Montu UK’s privacy compliance framework (UK GDPR, DPA 2018, PECR and healthcare information requirements).
Maintain core privacy artefacts (RoPA, policies, DPIA framework, retention, cookie/marketing practices) and produce clear internal reporting.
Act as the UK privacy SME across the business, translating regulation into workable outcomes.
Advisory & stakeholder partnership
Advise senior leaders and cross-functional teams (Clinical, Pharmacy, Governance, Product/Engineering, Customer Support) on privacy-by-design and data ethics.
Support new and existing products/workflows (telehealth, patient portal, remote prescribing, pharmacy systems) through DPIAs/LIAs, risk assessments and pragmatic controls.
Guide on controller/processor roles, vendor due diligence, cybersecurity expectations and international transfers (including TIAs as needed).
Contracting & regulator interface
Draft, review and negotiate DPAs, data-sharing agreements and privacy/security schedules across commercial and vendor contracts.
Serve as DPO for Montu UK group companies and act as primary contact for the ICO on UK processing activities.
Enablement & culture
Build a strong privacy culture through training, awareness and simple guidance that teams actually use.
Help teams move fast safely - balancing compliance with patient access, innovation and commercial goals.
Required Knowledge, Skills And Experience
UK-qualified solicitor/barrister with c. 3–6 years PQE focused on privacy/data protection (in-house or private practice).
Strong working knowledge of UK GDPR, DPA 2018, PECR and handling special category health data in regulated contexts.
Proven experience designing or running privacy compliance programmes (RoPA, DPIAs, policies, training, incident readiness).
Confident drafting/negotiating DPAs, data-sharing agreements and privacy/security provisions.
Comfortable operating autonomously in a high-growth, mission-driven environment and influencing technical and non-technical stakeholders.
Desirable attributes
Digital health / telemedicine / online pharmacy experience (particularly specialist medicines/controlled drugs).
Familiarity with NHS DSP Toolkit and UK information governance standards.
About Montu
Montu UK is a leading digital health company specialising in cannabis-based medicines (CBPM). We are committed to transforming lives by improving access to safe, effective treatments and offering an exceptional standard of care. Our dynamic and supportive work environment is the perfect place for you to grow professionally while making a meaningful impact on patients’ lives.
Compensation Range: £80K - £90K