This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
ROLE SUMMARY: This is a rare opportunity to combine deep data protection expertise with broad legal leadership in a fast-growing, international education business. You will serve as the Group's Global Data Protection Officer while also acting as Head of Legal, working side by side with the Group General Counsel to manage and develop the legal function across the organisation. This is not a siloed DPO role. You will be the GC's right hand across the full range of legal matters the group faces, from commercial contracts to regulatory questions to strategic projects. If you thrive on breadth, autonomy, and building things, this role was designed for you.
Job Responsibility
Act as the Group's registered Data Protection Officer in the UK and oversee outsourced DPO and data protection service providers across other jurisdictions
Own and evolve a scalable, multi-jurisdictional data protection framework that delivers standardised baseline compliance while accommodating local requirements
Lead on DSARs, breach management, DPIAs, records of processing, and data protection training across the group
Advise the business on data protection matters relating to students, parents, and staff, including the handling of children's data and other special or higher-risk categories of personal data
Monitor regulatory developments (including emerging AI regulation) and translate them into practical guidance for the business
Partner with the Group General Counsel to manage, shape, and develop the legal function as it matures
Review, draft, and negotiate commercial contracts across a range of subject matter
Advise on general commercial legal matters including intellectual property, procurement, and supplier relationships
Support the GC on strategic and ad hoc legal projects as the business requires
Act as a trusted legal adviser to C-suite executives, Heads of School, and Regional CEOs and CFOs
Communicate legal and data protection risk clearly and practically to non-legal stakeholders at all levels
Build strong relationships across the business to ensure legal and data protection are seen as enablers, not blockers
Requirements
Qualified lawyer (UK or equivalent) with significant post-qualification experience in data protection
Proven track record of managing data protection compliance across multiple jurisdictions, including building scalable systems, processes, and governance frameworks
Experience with DSARs, breach management, DPIAs, and data protection training programmes
Strong commercial instinct and a healthy risk appetite: you give practical, proportionate advice that helps the business move forward
Comfortable reviewing and drafting commercial contracts and advising on general commercial legal questions
Excellent communicator who can translate complex legal and regulatory concepts for business stakeholders at all levels
Proactive, self-starting, and energised by creating and improving processes, structures, and ways of working
Genuinely excited about working across the full breadth of a legal function, not just data protection
Nice to have
Experience handling children's data or other higher-risk categories of personal data (e.g., health, education records)
Familiarity with emerging AI regulation and its practical implications
Experience in the education sector or other regulated, people-focused industries
CIPP/E, CIPM, or equivalent data protection certification