Senior Privacy Counsel

Legal and Compliance are partners across the whole business here at Flo. They watch over everything: Flo’s privacy programme, compliance with regulatory obligations, contract management, IP enforcement… you name it. 

The team’s divided into three groups - Privacy & Data Protection, Regulatory & Compliance, and Legal Services, each managing its own area. 

As far as our Privacy team is concerned, it doesn’t get more exciting for privacy professionals than advising varied stakeholders in a rapidly growing healthtech business. 

This role’s all about delivering Flo’s continued commitment to data privacy by design. It’s a Senior Privacy Counsel position reporting to our VP of Privacy, sitting as part of a team of six and doing some really exciting work.

Having recently achieved our ISO 27001 re-certification (the first business of our kind with it!), and launched Anonymous mode (recently making it open source), we’re pressing ahead with ISO 27701 and exploring the future of privacy in AI, as well as enhancing DSARs, reviewing our privacy policies and systems, and helping to ensure privacy by design and as default across our multi-national business.

Your Experience

Must have:

• 
  
• Qualified solicitor in the UK with strong experience (usually +5 years’ PQE) in a privacy and data protection focussed Counsel position
  
• Proven track of work in a tech company, software focussed product company or reputable law firm
  
• Knowledge of data protection laws globally (including the US)
  
• Practical experience in privacy by design
  
• Adtech experience
  
• Knowledge of risk management
  
• Knowledge of OneTrust, JIRA, Confluence
  

Nice to have:

• 
  
• CIPP certifications (CIPP/E, CIPM, CIPT, CIPP/US or others)
  
• Knowledge of agile methodologies
  
• Proven track of work in a health tech, digital health or digital wellness company
  

What you'll be doing

You'll be responsible for:

• 
  
• Provide privacy and data protection advice to the business 
  
• Provide guidance on new product features
  
• Advising on advertising technologies,  online advertising practices and AI technologies. 
  
• Give guidance to ensure data protection is baked into the design, build, test and deployment stages across activities and departments
  
• Carrying out Data Protection Impact Assessments (DPIAs), and providing solutions to mitigate privacy risks
  
• Assist with the creation and delivery of staff training and Privacy Champion Network communications on privacy best practice to all entities and affiliates (with a particular focus on digital data uses)
  
• Undertake legal research on emerging privacy and data protection laws and guidance, and horizon scanning for regulatory updates. 
  
• Work to ensure that data protection and best practices are fully integrated into Flo’s compliance framework
  
• Support our technology and information security teams on cyber security, data privacy and data ownership.
  
• Adopting a curious approach to privacy-enhancing technologies and helping to set up new tooling from a privacy perspective.
  

Your targets will be:

• 
  
• Successfully providing pragmatic business-oriented and compliant privacy solutions to the company on various topics such as: consent management, privacy assessments, digital marketing and user rights.
  
• Assisting with aligning our practices to  the controls of Privacy ISO 27701 
  
• Being a proactive team player that delivers on assigned targets, with a positive and collaborative approach. 
  
• Successful rollout of educational and partnering sessions for various product and  marketing stakeholders
  

#LI-JC1