Flo’s Legal and Compliance team are partners across the whole business here at Flo. They watch over everything: Flo’s privacy programme, compliance with regulatory obligations, contract management, IP enforcement… you name it.

The team’s divided into four groups - Privacy & Data Protection, Regulatory, Compliance, and Legal Services, each managing its own area.

As far as our Privacy team is concerned, it doesn’t get more exciting for privacy professionals than advising varied stakeholders in a rapidly growing healthtech business.

This role’s all about delivering Flo’s continued commitment to data privacy by design. It’s a Privacy Counsel position reporting to our VP of Privacy, sitting as part of a team of six and doing some really exciting work.

Having recently achieved our ISO 27001 and ISO 27701 re-certifications (the first business of our kind with them!), and with the successful launch of Anonymous mode (making it open source), we’re exploring the future of privacy in AI, as well as enhancing DSARs, reviewing our privacy policies and systems, and helping to ensure privacy by design and as default across our multi-national business.

Your Experience

Must have:

• Qualified solicitor in the UK (usually 0-2 years’ PQE) in a privacy and data protection focused Counsel position
• Proven track of work in a tech company, software focused product company or reputable law firm
• Knowledge of data protection laws globally (including the USA)
• Practical experience in privacy by design
• Knowledge of risk management
• Knowledge of OneTrust, JIRA, Confluence

Nice to have:

• IAPP certifications (CIPP/E, CIPM, CIPT, AIGP, CIPP/US or others)
• Knowledge of agile methodologies
• Proven track of work in a health tech, digital health or digital wellness company

What you'll be doing

You'll be responsible for:

• Providing privacy and data protection advice to the business on a variety of matters
• Providing guidance on existing and new product features
• Advising on advertising and the use of AI technologies.
• Giving guidance to ensure data protection is baked into the design, build, test and deployment stages across activities and departments
• Carrying out Data Protection Impact Assessments (DPIAs), and providing solutions to mitigate privacy risks, and managing privacy risks Assisting with the delivery of staff training and Privacy Champion Network communications on privacy best practice to all entities and affiliates (with a particular focus on digital data uses)
• Coordinating with Flo’s support team to facilitate user rights requests
• Undertaking legal research on emerging privacy and data protection laws and guidance, and horizon scanning for regulatory updates.
• Supporting our technology and information security teams on cybersecurity implementation and data privacy.
• Working to ensure that data protection and best practices are fully integrated into Flo’s compliance framework
• Adopting a curious approach to privacy-enhancing technologies and helping to set up new tooling from a privacy perspective.

Your targets will be:

• Successfully providing pragmatic business-oriented and compliant privacy solutions to the company on various topics such as: product and feature development, consent management, privacy assessments, digital marketing and user rights.
• Assisting with aligning our practices to the controls of Privacy ISO 27701
• Being a proactive team player that delivers on assigned targets, with a positive and collaborative approach.
• Successfully rolling out and partnering sessions for various product and marketing stakeholders

#LI-CC1