CrawlJobs Logo

Counsel – Privacy & Data Protection

United Kingdom, London · Job Posted May 31, 2026
Apply Position
Job Link Share

Job Description

Mastercard’s global Commercial and New Payment Flows (CNPF) Privacy team is seeking a Privacy Counsel to support its money transfer solutions. These products enable fast, secure, and seamless domestic and cross border payments, helping individuals and businesses move funds efficiently across a wide range of use cases. The role provides hands on legal support to CNPF products and services, advising on privacy, AI, and data protection across the full product lifecycle. This includes contributing to the design and launch of new payment solutions, analysing data flows, tracking regulatory developments, and negotiating data protection terms in commercial agreements. The Counsel will help ensure that solutions align with global privacy, AI, and data governance requirements. The successful candidate will operate comfortably at both strategic and operational levels, offering clear, practical advice that supports innovation while managing risk. A strong understanding of digital payments, financial services technologies, and data driven systems is essential, along with experience embedding Privacy by Design into products and processes. Working closely with product, engineering, and business teams, the Counsel will play a key role in enabling innovation in domestic and cross border payments while maintaining a robust and scalable privacy framework. This position is based in London and reports to the Senior Managing Counsel, Privacy, AI & Data Responsibility, in Belgium.

Job Responsibility

  • Provide day to day privacy support to business teams, handling product queries and operational issues, and escalating complex matters where needed
  • Support the CNPF privacy team, including Move (Mastercard Send and Cross Border Services), by preparing guidance, assessments, and initial reviews for product initiatives and market expansion
  • Advise across the broader CNPF space (including B2B payments and SME solutions) on data use, AI enabled products, data flows, and controller/processor roles in multi party ecosystems
  • Embed Privacy by Design into the product lifecycle through initial impact assessments, risk screenings, and alignment with Mastercard’s privacy and AI governance frameworks
  • Assist with responses to government data requests, RFIs, and CDD inquiries by gathering inputs, preparing drafts, and ensuring compliance with internal and legal requirements
  • Support contracting by drafting and reviewing standard data protection terms, preparing for negotiations, and escalating higher risk issues
  • Monitor regulatory developments and contribute to legal scans, providing clear, practical summaries of key impacts
  • Help build privacy awareness across the business, including developing training materials and supporting capability building efforts
  • Collaborate across teams to ensure consistent application of privacy requirements and effective follow through on actions

Requirements

  • Qualified lawyer with a strong academic foundation and solid legal training
  • Additional certifications (e.g., IAPP) are a plus
  • Keen interest in global data privacy developments and a working knowledge of privacy and data protection frameworks (e.g., GDPR
  • familiarity with others like CCPA is helpful but can be learned on the job) with some practical experience applying them, previous inhouse or technology/privacy exposure is beneficial
  • Familiarity with financial services, payments, or digital products is preferred, or a strong willingness to learn about these sectors
  • Experience with privacy platforms such as OneTrust is an advantage
  • Curiosity about digital technologies and an interest in how they intersect privacy and data governance
  • Proactive, practical, and eager to translate legal requirements into clear, usable guidance with support from senior team members
  • Strong verbal and written communication skills, with the ability to simplify complex information for non-legal audiences
  • Highly organized, detail-oriented, and able to manage multiple tasks in a fast-paced environment
  • Collaborative and team-oriented, with the ability to build positive working relationships across functions
  • Motivated to grow, take initiative, and further develop or within the team

Nice to have

  • Additional certifications (e.g., IAPP)
  • Familiarity with others like CCPA
  • Experience with privacy platforms such as OneTrust

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Counsel – Privacy & Data Protection

8 matching positions

Senior Privacy Counsel & Data Protection Officer

Make online trading safer and privacy-first. As Senior Privacy Counsel & Data Pr...
Location
Location
Germany , Berlin
Salary
Salary:
Not provided
adevinta.com Logo
Adevinta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Relevant experience both in a law firm and in-house, preferably with online platforms and/or ad tech
  • German law degree (2. Staatsexamen or equivalent)
  • Multi-year experience in the data protection field
  • Have worked as a DPO
  • Have successfully engaged with data protection regulators
  • Proactive and a creative problem solver
  • High interest in networking and building social connections
  • Excellent collaborator with solid diplomacy, stakeholder management and strong presentation skills
  • Strong understanding of AI and data-driven technologies and their privacy implications
  • Know how to assess and mitigate privacy risks of AI systems
Job Responsibility
Job Responsibility
  • Act as a key contact for local regulators and officials in incidents, investigations or policy consultations
  • Monitor and interpret changes in legislation, industry standards and regulatory positions on privacy and data use
  • Develop and maintain a strong network with external privacy experts
  • Manage, monitor and report on privacy compliance topics
  • Identify data protection issues proactively and recommend pragmatic remedies
  • Co-shape and iterate the local privacy strategy and roadmap
  • Fulfill all DPO-related tasks under GDPR and local law
  • Run regular internal privacy compliance audits
  • Design and deliver training for business stakeholders
What we offer
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • Fulltime
Read More
Arrow Right

Senior Privacy Counsel & Data Protection Officer

Make online trading safer and privacy-first. As Senior Privacy Counsel & Data Pr...
Location
Location
Germany , Berlin
Salary
Salary:
Not provided
adevinta.com Logo
Adevinta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Relevant experience both in a law firm and in-house, preferably with online platforms and/or ad tech
  • German law degree (2. Staatsexamen or equivalent)
  • Multi-year experience in the data protection field
  • Experience working as a DPO
  • Experience successfully engaging with data protection regulators
  • Proactive and a creative problem solver
  • High interest in networking and building social connections
  • Excellent collaborator with solid diplomacy, stakeholder management and strong presentation skills
  • Strong understanding of AI and data-driven technologies and their privacy implications
  • Know how to assess and mitigate privacy risks of AI systems
Job Responsibility
Job Responsibility
  • Act as a key contact for local regulators and officials in incidents, investigations or policy consultations
  • Monitor and interpret changes in legislation, industry standards and regulatory positions on privacy and data use
  • Develop and maintain a strong network with external privacy experts
  • Manage, monitor and report on privacy compliance topics, including records of processing activities, impact assessments and data retention
  • Identify data protection issues proactively and recommend pragmatic remedies
  • Co-shape and iterate the local privacy strategy and roadmap
  • Fulfill all DPO-related tasks under GDPR and local law, including reporting and governance structures
  • Run regular internal privacy compliance audits
  • Design and deliver training for business stakeholders
What we offer
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • A collaborative environment with an opportunity to explore your potential and grow
  • A range of locally relevant benefits
  • Fulltime
Read More
Arrow Right

Senior Privacy Counsel & Data Protection Officer

Make online trading safer and privacy-first. As Senior Privacy Counsel & Data Pr...
Location
Location
Germany , Berlin
Salary
Salary:
Not provided
adevinta.com Logo
Adevinta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Relevant experience both in a law firm and in-house, preferably with online platforms and/or ad tech
  • Hold a German law degree (2. Staatsexamen or equivalent)
  • Multi-year experience in the data protection field
  • Have worked as a DPO
  • Have successfully engaged with data protection regulators
  • Proactive and a creative problem solver
  • High interest in networking and building social connections
  • Excellent collaborator with solid diplomacy, stakeholder management and strong presentation skills
  • Strong understanding of AI and data-driven technologies and their privacy implications
  • Know how to assess and mitigate privacy risks of AI systems
Job Responsibility
Job Responsibility
  • Act as a key contact for local regulators and officials in incidents, investigations or policy consultations
  • Monitor and interpret changes in legislation, industry standards and regulatory positions on privacy and data use
  • Develop and maintain a strong network with external privacy experts
  • Manage, monitor and report on privacy compliance topics
  • Identify data protection issues proactively and recommend pragmatic remedies
  • Co-shape and iterate the local privacy strategy and roadmap
  • Fulfill all DPO-related tasks under GDPR and local law
  • Run regular internal privacy compliance audits
  • Design and deliver training for business stakeholders
What we offer
What we offer
  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere
  • A 24/7 Employee Assistance Program for you and your family
  • A collaborative environment with an opportunity to explore your potential and grow
  • Fulltime
Read More
Arrow Right

Counsel, Privacy, Ai, And Data Protection

The Counsel for Privacy, AI, and Data Protection serves as the enterprise subjec...
Location
Location
United States , Lexington
Salary
Salary:
150000.00 - 175000.00 USD / Year
valvolineglobal.com Logo
Valvoline Global
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Juris Doctor (JD) degree from an accredited law school and active license to practice law in at least one U.S. jurisdiction
  • Minimum of 8-12 years of legal experience, with significant focus on privacy, data protection, cybersecurity, and/or technology law
  • Demonstrated expertise in U.S. and global privacy laws and frameworks (e.g., GDPR, CCPA/CPRA) and strong familiarity with emerging AI regulatory requirements
  • Experience advising on AI/ML technologies, data-driven business models, or digital products, including governance and risk management considerations
  • Proven experience building or supporting global privacy programs and operationalizing compliance frameworks (e.g., DPIAs, DSARs, data mapping)
  • Strong experience partnering with Product, Engineering, IT, and Security teams to translate legal requirements into practical solutions
  • Demonstrated ability to operate independently, manage complex cross-functional initiatives, and provide strategic, risk-based legal advice
  • Excellent communication, negotiation, and stakeholder engagement skills, with the ability to influence senior leaders
  • Ability to travel (approximately 10-20%) to support global business initiatives and team engagement
  • Collaborate effectively across global time zones, providing support to regional stakeholders and participating in meetings outside standard business hours as needed to support a globally distributed organization
Job Responsibility
Job Responsibility
  • Accountable for the design, implementation, and ongoing effectiveness of Valvoline's global privacy program, including governance structure, policies, and operational processes
  • Owns enterprise interpretation and application of global privacy laws (e.g., GDPR, CCPA/CPRA), establishing company-wide standards and guidance
  • Accountable for core privacy program operations, including DPIAs/PIAs, DSAR processes, data mapping, and records of processing activities, ensuring they are scalable, auditable, and consistently executed
  • Establishes and monitors program KPIs and metrics to measure compliance, maturity, and operational effectiveness
  • drives remediation where gaps exist
  • Leads integration of privacy-by-design principles into business processes, systems, and product development, ensuring consistent adoption across functions
  • Accountable for the enterprise AI governance framework, including policy development, risk classification models, and required controls
  • Owns the legal review and risk determination framework for AI/ML use cases, including defining approval thresholds and escalation criteria
  • Ensures AI initiatives meet regulatory, ethical, and internal governance standards, providing final legal guidance on high-risk or ambiguous use cases
  • Translates global AI regulatory developments into enforceable internal requirements, ensuring timely adoption across the enterprise
What we offer
What we offer
  • Health insurance plans (medical, dental, vision)
  • Health Savings Account (with an employer-base deposit and match)
  • Flexible spending accounts
  • Competitive 401(k) with generous employer base deposit and match
  • Incentive opportunity
  • Life insurance
  • Short- and long-term disability insurance
  • Paid vacation and holidays
  • Employee Assistance Program
  • Employee discounts
  • Fulltime
Read More
Arrow Right

Counsel, Privacy, AI, and Data Protection

Why Valvoline Global Operations? At Valvoline Global Operations, we're proud to ...
Location
Location
United States , Lexington
Salary
Salary:
150000.00 - 175000.00 USD / Year
valvoline.com Logo
Valvoline
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Juris Doctor (JD) degree from an accredited law school and active license to practice law in at least one U.S. jurisdiction
  • Minimum of 8–12 years of legal experience, with significant focus on privacy, data protection, cybersecurity, and/or technology law
  • Demonstrated expertise in U.S. and global privacy laws and frameworks (e.g., GDPR, CCPA/CPRA) and strong familiarity with emerging AI regulatory requirements
  • Experience advising on AI/ML technologies, data-driven business models, or digital products, including governance and risk management considerations
  • Proven experience building or supporting global privacy programs and operationalizing compliance frameworks (e.g., DPIAs, DSARs, data mapping)
  • Strong experience partnering with Product, Engineering, IT, and Security teams to translate legal requirements into practical solutions
  • Demonstrated ability to operate independently, manage complex cross-functional initiatives, and provide strategic, risk-based legal advice
  • Excellent communication, negotiation, and stakeholder engagement skills, with the ability to influence senior leaders
  • Ability to travel (approximately 10–20%) to support global business initiatives and team engagement
  • Collaborate effectively across global time zones, providing support to regional stakeholders and participating in meetings outside standard business hours as needed to support a globally distributed organization
Job Responsibility
Job Responsibility
  • Accountable for the design, implementation, and ongoing effectiveness of Valvoline's global privacy program, including governance structure, policies, and operational processes
  • Owns enterprise interpretation and application of global privacy laws (e.g., GDPR, CCPA/CPRA), establishing company-wide standards and guidance
  • Accountable for core privacy program operations, including DPIAs/PIAs, DSAR processes, data mapping, and records of processing activities, ensuring they are scalable, auditable, and consistently executed
  • Establishes and monitors program KPIs and metrics to measure compliance, maturity, and operational effectiveness
  • drives remediation where gaps exist
  • Leads integration of privacy-by-design principles into business processes, systems, and product development, ensuring consistent adoption across functions
  • Accountable for the enterprise AI governance framework, including policy development, risk classification models, and required controls
  • Owns the legal review and risk determination framework for AI/ML use cases, including defining approval thresholds and escalation criteria
  • Ensures AI initiatives meet regulatory, ethical, and internal governance standards, providing final legal guidance on high-risk or ambiguous use cases
  • Translates global AI regulatory developments into enforceable internal requirements, ensuring timely adoption across the enterprise
What we offer
What we offer
  • Health insurance plans (medical, dental, vision)
  • Health Savings Account (with an employer-base deposit and match)
  • Flexible spending accounts
  • Competitive 401(k) with generous employer base deposit and match
  • Incentive opportunity
  • Life insurance
  • Short- and long-term disability insurance
  • Paid vacation and holidays
  • Employee Assistance Program
  • Employee discounts
  • Fulltime
Read More
Arrow Right

Legal and Data Privacy Counsel

Keepit seeks a Legal and Data Privacy Counsel to join our team in Krakow, Poland...
Location
Location
Poland , Krakow
Salary
Salary:
Not provided
keepit.com Logo
Keepit
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master’s degree in law
  • Experience as a legal counsel specialising in data privacy, either in-house or at a law firm
  • Thorough understanding of data protection laws and regulations, particularly GDPR
  • Ability to collaborate across departments and organisational levels
  • Strong communication and training facilitation skills
  • Very high level of written and spoken English
Job Responsibility
Job Responsibility
  • Develop, implement, and maintain data protection policies and procedures in line with relevant laws and regulations
  • Collaborate with cross-functional teams to conduct audits and assessments of processing activities and vendors, identifying potential data protection risks
  • Drive legal tech adoption within the legal department
  • Provide legal guidance for procurement and sales
  • Offer advice on the lawful and responsible use of data, ensuring compliance with data protection legislation and internal policies
  • Investigate data breaches or privacy incidents in collaboration with our DPO function, documenting findings, and suggesting corrective actions
  • Handle requests efficiently and compliantly, maintaining accurate records and documentation
  • Stay updated on data protection laws and regulations, proactively communicating changes and implications to the organisation
  • Supporting security teams with privacy aspects of obtaining security certifications and completing security audits (ISO 270001/SOC2)
What we offer
What we offer
  • 4 additional working days of vacation leave per full calendar year
  • 3 days of internal sick leave without a doctor`s note
  • Health and Life Insurance
  • Employee Capital Plan (PPK)
  • Multisport card compensation
  • Coverage of professional training sessions, meetups, etc.
  • English-speaking club with native speakers
  • Polish language classes
  • Internet and Glasses reimbursement
  • Cosy office in Krakow city centre (Długa, 72) with beverages, fruit, and cookies
  • Fulltime
Read More
Arrow Right

Senior Legal Counsel - Data Privacy & Compliance

We’re hiring a Senior Legal Counsel dedicated to Data Privacy & Compliance - som...
Location
Location
United Kingdom , Dunstable
Salary
Salary:
Not provided
whitbreadinns.co.uk Logo
Whitbread Inns
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Deep expertise in UK data protection law (EU desirable)
  • Experience handling large volumes of consumer and/or employee data (B2C essential)
  • Strong policy‑writing skills — capable of building frameworks from scratch and owning them
  • Experience in drafting and implementing procedures, controls and compliance programmes
  • Comfortable engaging with senior stakeholders and influencing across the business
  • Ability to operate with a high level of autonomy and enthusiasm
  • Private‑practice background welcome
  • in‑house experience is a bonus, not a requirement
Job Responsibility
Job Responsibility
  • Lead on UK data protection compliance, advising across Whitbread’s end‑to‑end consumer and employee data lifecycle
  • Develop, maintain and embed group‑wide policies, procedures and data governance frameworks
  • Manage and optimise our relationship with the UK’s outsourced DPO
  • Provide best‑practice guidance to operations in Ireland, Germany and China
  • Deliver DPIAs, ROPAs, DSAR handling, and data‑related litigation management
  • Advise on CRM, digital marketing, cookies, and marketing consent
  • Draft and negotiate data processing/sharing agreements
  • Guide IT teams to ensure privacy is embedded from the very beginning of any change or initiative
  • Own and evolve a broad compliance portfolio, including: Code of Conduct governance and communication
  • Competition law risk and training
What we offer
What we offer
  • bonus
  • 10% matched pension
  • health care
Read More
Arrow Right

Lead Counsel, Data Privacy

You will join as Senior Lead Counsel, Data & Privacy, with primary responsibilit...
Location
Location
United States , San Francisco; New York
Salary
Salary:
180000.00 - 270000.00 USD / Year
airwallex.com Logo
Airwallex
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • U.S. legal qualification (or foreign equivalent) and active license to practice in at least one US jurisdiction
  • 8 years of experience in an in‑house legal department and/or in private practice advising on technology, data and privacy issues related to technical platforms and products
  • Strong knowledge of US federal and state privacy and data‑security laws (such as CCPA/CPRA and GLBA/Reg P) and how they intersect with payments and broader financial‑services regulation, plus working knowledge of GDPR and Canadian/South American privacy requirements (such as LGPD)
  • Experience providing guidance on US related privacy adtech requirements and technologies, including varying consent frameworks under US state privacy laws, and operationalizing consent management requirements
  • Demonstrated experience partnering with technical teams (Product, Engineering, Information Security) to translate legal and regulatory requirements into practical technical designs, controls, and processes
  • Demonstrated experience advising on emerging US and global AI legal requirements and AI‑governance best practices, and experience advising on AI/ML tools, vendors, or products from a privacy and data‑protection perspective
  • Experience providing data and privacy legal support during security or privacy incidents, including incident assessment, notification analysis, and remediation planning
  • Excellent written and verbal communication skills, with the ability to explain complex legal concepts to non‑lawyers and senior executives, and to drive clear decisions in ambiguous, time‑sensitive situations
  • High degree of ownership, resilience, and pragmatism
  • comfortable working in a fast‑paced, high‑growth fintech environment and managing multiple complex matters in parallel
Job Responsibility
Job Responsibility
  • Serve as lead data and privacy counsel for the US and Americas region, providing risk‑based, business‑oriented advice on US, Canada, and South American, data protection, AI and cybersecurity issues (including cross‑border access and national‑security‑adjacent topics), grounded in global data protection regulation and frameworks
  • Spearhead AI governance development and implementation globally, providing guidance on relevant global and US AI frameworks and executing a fit-for-purpose AI governance approach at Airwallex, including developing and implementing AI policies, procedures, privacy-related AI mitigations, and accountability frameworks
  • Develop and help execute privacy and data protection compliance programs for the Americas, specifically focused on compliance with US federal and state consumer financial privacy frameworks (GLBA, FCRA, CalFIPA) compliance, Executive Order 14117, and comprehensive state privacy compliance
  • Partner closely with Product, Engineering, Information Security, Regulatory Legal, Regulatory Compliance, Commercial Legal and Risk to embed privacy‑ and security‑by‑design in product development, technical architecture, UX, and go‑to‑market, including by spearheading DPIAs/PIAs, AI risk assessments, and other privacy impact assessments
  • Draft, review, and negotiate complex data protection and data‑sharing terms (including DPAs, cross‑border transfer terms, and AI‑related clauses) with customers, vendors, financial partners, and other third parties, acting as an escalation point for high‑risk matters
  • Coordinate and oversee international data flows touching the Americas, ensuring appropriate transfer tools and governance (e.g. SCCs or equivalent), and supporting initiatives on data localisation, storage, and access controls
  • Co‑lead the privacy and data‑protection workstream for security and data incidents related to the Americas with Information Security and other stakeholders, including triage, investigation, regulatory and customer notifications, remediation, and lessons learned
  • Advise on high‑risk or novel processing activities (e.g. new AI use cases, advanced analytics, innovative platform and embedded‑finance data models), helping structure appropriate safeguards, governance, and documentation
  • Support interactions with US and Americas regulators and policymakers on privacy, cybersecurity, data‑access and related topics, in close coordination with Regulatory Legal and Regulatory Compliance
  • Help build and refine tools and processes for privacy workflows (e.g., intake, assessment, DPIA/PIA/DPIA for AI, ROPA, DSRs), including the use of specialist tooling, metrics, and dashboards to track and evidence compliance
What we offer
What we offer
  • Offers Equity
  • Offers Bonus
  • medical, dental, and vision insurance
  • a 401(k) plan
  • short-term and long-term disability
  • basic life insurance
  • well-being benefits
  • 20 paid days of vacation
  • 12 paid days of company holidays
  • Fulltime
Read More
Arrow Right