Data Privacy Lawyer

Company: Exchange House Services Ltd – London
Apply for the Data Privacy Lawyer
Location: London
Job Description:

Responsibilities

  • Manage the DPIA process, including risk assessment of new systems, processing activities and suppliers.
  • Work with Procurement and contract owners to manage DPI risks in supply chains and ensure appropriate contractual protections.
  • Assist the AI Risk Assessment Committee with onboarding new AI tools, conducting data protection risk assessments and advising on necessary protections.
  • Develop, manage and implement global data‑privacy policies, standards, guidelines and procedures, including intra‑group transfer agreements.
  • Handle day‑to‑day operational issues, incidents and maintain an incident register.
  • Map and control privacy by design: map the firm’s data processing activities, manage the data map, monitor retention policies, and respond to client and audit information requests.
  • Advise on privacy terms in client retainer documentation and data‑subject requests (correct, erasure, access, portability).
  • Develop and deliver privacy education and awareness content, ensuring high visibility of privacy matters across the firm.
  • Support privacy compliance reviews of offices and business services, and assist with internal and external audit findings.
  • Maintain privacy risk assessments and impact assessments for each jurisdiction.
  • Prepare quarterly plans and provide annual input to the Information Security report.
  • Build and maintain relationships with internal stakeholders, particularly IT and legal teams.

Qualifications and Experience

  • Degree‑educated (technical or law degree preferred).
  • Minimum 3 years’ experience in data privacy, data governance, or information security (less experience considered with demonstrable competency).
  • Strong knowledge of GDPR and data‑protection law in other jurisdictions.
  • Proficiency in drafting, monitoring and enforcing data‑privacy policies and procedures.
  • Experience with ISO27001, other control frameworks, and a broad range of IT technologies.
  • Working knowledge of AI and associated data‑protection risks.
  • Excellent communication skills – able to liaise effectively with lawyers and IT staff.
  • Analytical ability to identify and assess data‑protection risks and controls.
  • Self‑motivated, adaptable, diligent and proactive.

Employment Details

Full‑time, Permanent – London, United Kingdom.

This role reports to the Senior Data Privacy Manager and is part of the General Counsel & Risk team under the global risk and compliance function.

#J-18808-Ljbffr…

Posted: June 28th, 2026