We are seeking an experienced Senior Privacy Counsel with a FinTech background to join our global Legal, Regulatory & Compliance team. Reporting to the Global Head of Privacy & DPO, you will serve as Trustly's specialist privacy adviser for the UK region, working as a subject matter expert to provide specialist guidance on complex privacy matters. This role requires deep expertise in UK and EU privacy laws and regulations, and proven experience navigating complex consumer-facing technology environments in FinTech companies.
You will be part of Trustly's global Privacy & DPO team, leading the development and implementation of privacy strategies tailored to the UK region. You will be an exceptional strategic thinker and pragmatic adviser with practical problem-solving abilities, who thrives on providing specialist privacy expertise to support Product Counsel and the wider legal team in navigating the complex and rapidly evolving privacy landscape.
What you'll do
Work closely with Product Counsel across the EU and UK region, serving as the specialist privacy adviser on complex privacy matters, regulatory queries, and high-risk data processing activities.
Develop and execute Trustly's privacy and data protection strategy for the EU and UK region, ensuring compliance with GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across EU member states.
Provide specialist, in-depth privacy advice, ensuring complex privacy issues are resolved effectively.
In collaboration with the wider Privacy & DPO Team, implement and adapt Trustly's global privacy framework to ensure compliance with EU and UK requirements.
Conduct and oversee privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) for new products, services, features, and business initiatives.
Provide specialist privacy by design guidance to Product Counsel for embedding into product and engineering workstreams as required.
Manage data subject rights requests and handle data disclosure requests from law enforcement authorities, ensuring timely and compliant responses.
Lead privacy breach preparedness and incident response efforts for the EU and UK region, including developing incident response plans, coordinating breach investigations, and managing regulatory notifications.
Monitor legislative and regulatory developments affecting privacy and data protection in the EU and UK, providing timely analysis and recommendations to senior leadership.
In collaboration with the Global DPO, manage engagements with privacy regulators in the EU and UK, including the Information Commissioner's Office (ICO), European Data Protection Board (EDPB), and national data protection authorities across EU member states.
Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.
Develop and maintain privacy documentation, including data inventories, records of processing activities, and privacy compliance registers.
Who you are
Law degree (LLB, LLM, or equivalent) and qualified solicitor, barrister, or equivalent legal qualification in an EU member state or the UK, with 7-10 years of experience as a privacy lawyer at a technology company, including strong training at a reputable law firm.
Proven experience in a consumer-facing environment, with deep understanding of consumer privacy expectations and regulatory requirements in the FinTech or payment services sector.
Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.
Deep expertise in EU and UK privacy laws and regulations, including GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across EU member states, with the ability to advise on novel and complex EU and UK privacy issues without external support.
Experience advising on cross-border data transfers using standard contractual clauses, adequacy decisions, binding corporate rules, and other transfer mechanisms.
Experience handling data subject rights requests and data disclosure requests from law enforcement authorities.
Experience implementing privacy by design and data protection by default principles and working closely with Product and Engineering teams to embed privacy into technology development, with excellent legal drafting skills for privacy policies, notices, consent mechanisms, data processing agreements, and controller-processor agreements.
Entrepreneurial and creative by nature with a bias for action, strong project management skills to manage multiple complex privacy initiatives simultaneously, and proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.
Exceptional interpersonal and communication skills with the ability to explain complex legal issues in simple terms, strong understanding of international privacy frameworks, and experience managing data breach incidents including regulatory notifications to supervisory authorities.
Relevant professional privacy certifications (e.g., CIPP/E, CIPM, CIPT) are highly desirable.
Willingness to work flexible hours to collaborate with global privacy team members across different time zones and travel occasionally for meetings.
WHAT WE OFFER
At Trustly, you will have the chance to solve meaningful challenges alongside some of the brightest minds in FinTech. Together, we are shaping the future of payments in an environment that celebrates curiosity, collaboration, and innovation. You will be challenged and empowered to grow, making a real impact every step of the way.
Our team is as diverse as the global footprint we serve. At Trustly, we foster a workplace where everyone feels they belong; a place where teamwork thrives, ideas flourish, and we never forget to have fun along the way. We are proud and committed to being an Equal Opportunity Employer and believe an open and inclusive environment enables people to do their best work.
