Privacy Counsel

Legal and Compliance are partners across the whole business here at Flo. They watch over everything: Flo’s privacy programme, compliance with regulatory obligations, contract management, IP enforcement… you name it. 

The team’s divided into three groups - Privacy & Data Protection, Regulatory & Compliance, and Legal Services, each managing its own area. 

As far as our Privacy team is concerned, it doesn’t get more exciting for privacy professionals working in a rapidly growing healthtech business. 

This role’s all about delivering Flo’s continued commitment to data privacy by design.

Reporting to our VP of Privacy, it sits as part of a team of six doing some really exciting work.

Having achieved our ISO 27701 Privacy certification (the first business of our kind with it!), and having launched Anonymous mode (recently making it open source), we’re exploring the future of privacy in AI, as well as enhancing our privacy policies and systems, and helping to ensure privacy by design and as default across our business.

With one of our team departing for world travel, we’re looking for a permanent replacement to act as Privacy Counsel and help lead our commitment to maintaining ISO standards.

Your Experience

Must have:

• 
  
• Qualified solicitor in the UK with experience (usually 2+ years’ PQE) in a privacy and data protection position;
  
• Proven track of work in a tech company, software focussed product company or reputable law firm;
  
• Knowledge of data protection laws globally (including the US);
  
• Practical experience in privacy by design;
  
• Knowledge of ISO (Security and/or Privacy) and risk management;
  
• Knowledge of OneTrust, miro, JIRA, Confluence.
  

Nice to have:

• 
  
• CIPP certifications (CIPP/E, CIPM, CIPT, CIPP/US or others);
  
• Knowledge of agile methodologies;
  
• Proven track of work in a health tech, digital health or digital wellness company.
  

What you'll be doing

You'll be responsible for:

• 
  
• Provide privacy and data protection advice to the business;
  
• Provide guidance on new product features;
  
• Advising on online advertising practices and AI technologies;
  
• Giving guidance to ensure data protection is baked into the design, build, test and deployment stages across activities and departments;
  
• Carrying out Data Protection Impact Assessments (DPIAs), and providing solutions to mitigate privacy risks;
  
• Running our core integrated Information Security and Privacy Management System (ISPMS) processes, including maintaining framework documents and other ISPMS documented information.
  
• Organizing ISO and internal audits and the management of any resulting non-conformities, control owner walkthroughs, policy reviews, and Flo’s Privacy and Security Steering group meetings and materials;
  
• Assisting with the creation and delivery of staff training and Privacy Champion Network communications on privacy best practice to all entities and affiliates (with a particular focus on digital data uses);
  
• Undertaking legal research on emerging privacy and data protection laws and guidance, and horizon scanning for regulatory updates;
  
• Working to ensure that data protection and best practices are fully integrated into Flo’s compliance framework;
  
• Adopting a curious approach to privacy-enhancing technologies and helping to set up new tooling from a privacy perspective.
  

You'll be targeted on:

• 
  
• Successfully providing pragmatic business-oriented and compliant privacy solutions to the company on various topics such as: consent management, privacy assessments, digital marketing and user rights;
  
• Leading the coordination of the ISO 27001 Security and ISO 27701 Privacy management systems;
  
• Being a proactive team player that delivers on assigned targets, with a positive and collaborative approach;
  
• Successful rollout of educational and partnering sessions for various stakeholders (including product and marketing).
  

#LI-JC1 #LI-Hybrid