We are seeking an experienced Privacy Counsel to join our global Legal, Compliance & Risk team at an
exciting period in Trustly's growth. Reporting directly to the Global Head of Privacy & DPO, you will
support the implementation and adaptation of Trustly's global privacy framework across EU and UK,
advise on data protection matters, and ensure compliance with the highest privacy standards.
Working closely with Product, Engineering, Marketing and Compliance teams, you will embed privacy by
design throughout the organisation. This role requires strong expertise in EU and UK privacy laws and
regulations, with proven experience advising on cross-border data transfers.
The ideal candidate will be a strategic thinker with practical problem-solving abilities, who thrives on
partnering closely with business teams to navigate the complex and rapidly evolving privacy landscape.
What you'll do
Support the execution of Trustly's privacy strategy for the EU and UK region, ensuring compliance with the EU GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across EU member states.
Conduct privacy impact assessments and DPIAs for new products, services, features, and business initiatives.
Provide practical, business-focused legal advice on privacy matters to internal stakeholders.
Advise on data subject rights requests (including rights to access, erasure, portability etc).
Support privacy breach preparedness and incident response efforts for the EU and UK region, including contributing to incident response plans, coordinating breach investigations, and managing notifications to supervisory authorities and communications to data subjects.
Advise on and support the negotiation of data processing agreements, data transfer mechanisms (including standard contractual clauses, adequacy decisions, and other transfer tools), and privacy terms with vendors, partners, and customers.
Monitor legislative and regulatory developments affecting privacy and data protection in the EU and UK, including tracking national implementations of EU directives and regulations, providing timely analysis and recommendations to senior leadership.
Collaborate closely with the global Privacy & DPO team to ensure alignment on privacy strategies, share best practices, and coordinate cross-regional privacy initiatives.
Develop and maintain privacy documentation, including records of processing activities, legal advice notes and privacy compliance registers.
Support privacy-related audits, assessments, and due diligence activities.
Who you are
Law degree (LLB, LLM, or equivalent) and qualified solicitor, barrister, or equivalent legal qualification in an EU member state or the UK.
Minimum of 3-5 years of experience as a privacy lawyer (including demonstrated experience advising on GDPR, UK GDPR, and national data protection laws).
Demonstrated experience in the FinTech or the payment services sector, with knowledge of the unique privacy challenges and regulatory landscape affecting payments and financial technology companies would be a bonus.
Experience working as part of a global privacy team, with proven ability to collaborate effectively across multiple jurisdictions and time zones.
Demonstrated experience handling data subject rights requests and data disclosure requests from law enforcement authorities.
Strong knowledge of EU and UK privacy laws and regulations, including GDPR, UK GDPR, Data Protection Act 2018, ePrivacy Directive, and national data protection laws across the EU
Experience advising on cross-border data transfers, including standard contractual clauses, adequacy decisions, and other transfer mechanisms.
Relevant professional privacy certifications (e.g., CIPP/E, CIPM, CIPT) are highly desirable.
Strong interpersonal and communication skills and the ability to explain complex legal issues in simple terms.
Entrepreneurial and creative by nature, with a bias for action.
Strong legal drafting skills, with experience developing privacy policies, notices, consent mechanisms, data processing agreements, and controller-processor agreements.
Strong project management skills and ability to manage multiple complex privacy initiatives simultaneously.
Proven ability to provide practical, business-oriented privacy advice that balances legal compliance with business objectives.
Experience managing data breach incidents, including regulatory notifications to supervisory authorities and communications with affected data subjects.
Strong analytical and problem-solving skills, with the ability to assess privacy risks and develop pragmatic solutions.
Willingness to work flexible hours to collaborate with global privacy team members across different time zones.
Skills Required
- Law degree (LLB, LLM, or equivalent) and qualified solicitor, barrister, or equivalent legal qualification in an EU member state or the UK.
- Minimum of 3-5 years of experience as a privacy lawyer advising on GDPR, UK GDPR, and national data protection laws.
- Strong knowledge of EU and UK privacy laws, including GDPR, UK GDPR, Data Protection Act 2018, and the ePrivacy Directive.
- Experience advising on cross-border data transfers, including standard contractual clauses, adequacy decisions, and other transfer mechanisms.
- Experience handling data subject rights requests and data disclosure requests from law enforcement authorities.
- Experience managing data breach incidents, including regulatory notifications to supervisory authorities and communications with affected data subjects.
- Experience working as part of a global privacy team and collaborating across multiple jurisdictions and time zones.
- Relevant professional privacy certifications (e.g., CIPP/E, CIPM, CIPT).
- Demonstrated experience in the FinTech or payment services sector (bonus).
- Strong legal drafting, project management, interpersonal and communication skills; ability to provide practical, business-focused privacy advice.
Trustly Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Trustly and has not been reviewed or approved by Trustly.
-
Parental & Family Support — Gender‑neutral paid parental leave in North America is positioned as a strong part of the package. The offering is presented as a meaningful support for families.
-
Leave & Time Off Breadth — Generous PTO is consistently highlighted across U.S. benefit descriptions. Time off availability is portrayed as a notable component of the total package.
-
Equity Value & Accessibility — Equity and stock programs, including equity grants and in some cases an ESPP, are emphasized as part of total rewards. These elements are described as lifting overall compensation perceptions when base‑pay views vary.
Trustly Insights
What We Do
At Trustly, we envision a world in which online payments are fast, simple and secure for everyone — merchants, consumers and banks alike. One hundred years ago, cash was king. People got paid in cash, carried it in their wallets, and bought things with it at the local store. Payment was easy. Oh, how the times have changed. Today, our salaries are deposited straight into our bank accounts and we shop online, from merchants all around the world. So why is it so hard to pay straight from our bank accounts? For consumers, paying online should be as easy as sliding a bill across the counter. And accepting payments and issuing refunds should be the least of merchants’ worries. Credit cards, debit cards, e-wallets, invoices and cash-on-delivery are all middlemen levying fees, debt and interest for the simple task of moving money from one person to another. At Trustly, we work hard to make online payments easy.
Why Work With Us
At Trustly, we work hard to make online payments easy. We’re dynamic, not stuffy. We’ve got the drive and ambition of a startup and the experience and advantage of a scale-up, all wrapped up in one amazing team. The pace is fast, and change is frequent. We prioritize agility to adapt to whatever tomorrow brings.
Gallery
