Legal Counsel, Data Privacy & Technology

We’re so much more than an energy company. We’re a family of brands revolutionising how we power the planet. We’re energisers. One team of 21,000 colleagues that's energising a greener, fairer future by creating an energy system that doesn’t rely on fossil fuels, whilst living our powerful commitment to igniting positive change in our communities. Here, you can find more purpose, more passion, and more potential. That’s why working here is #MoreThanACareer. We do energy differently - we do it all. We make it, store it, move it, sell it, and mend it.

We have an exciting new opportunity for a Legal Counsel, Privacy and Technology to join our Legal, Regulatory Affairs, Ethics & Compliance, and Secretariat Function (LRECS). In this role, you will be an integral part of a high-performing privacy and technology team, reporting directly to our Group Data Protection Officer (DPO). You will play a crucial role in delivering for the Centrica Group and the wider legal function’s objectives from a privacy, technology and cyber perspective.

Key requirements will be managing the privacy and associated technology risks to our business on a day-to-day basis and the ability to deliver privacy services to the commercial and technology led parts of the business. You will support a wide variety of legal work including supporting the customer facing businesses of Centrica as well as the procurement of goods and services.

Location : We work flexibly in line with our Flexible First working arrangements believing that empowered colleagues are happier and more productive. The successful candidate will, however, need to be comfortable commuting to our Windsor office on a weekly basis and on some occasions more frequently, as well as to our other locations as may be needed.

This is a broad privacy and technology role focused on delivering clear, pragmatic advice while ensuring compliance with laws governing energy and related services.

• Provide high-quality, risk-aware privacy support across the business.
• Help manage operational and regulatory risks through policies, training, and guidance.
• Support the Centrica DPO in meeting legal obligations.
• Advise on data protection clauses, transfer risk assessments, DPIAs, Article 30 records, customer rights requests, breach assessments, NIS obligations, and AI risk assessments.
• Review and input into contracts from a privacy and technology perspective.
• Offer privacy guidance on key business decisions, policies, and customer journeys.
• Build strong stakeholder relationships across functions to deliver objectives and manage risk.

A qualified Lawyer with strong knowledge of GDPR, PECR, the EU AI Act, NIS requirements, and other major privacy and cybersecurity frameworks. Ideally, you’ll hold a privacy or technology-related certification and bring a flexible, inquisitive approach to diverse legal tasks.

You should be confident managing stakeholders, prioritising effectively, and delivering practical, high-quality advice. A solid understanding of privacy, AI, technology, and information security law in the UK and Europe is essential; familiarity with the UK home energy management market is a plus.

• Proven success in a fast-paced, challenging environment (preferably in-house).
• Experience drafting data protection clauses and advising on contracts.
• Strong interest in privacy and emerging technologies.
• Ability to build relationships with senior leaders and provide pragmatic, risk-based advice.
• Comfortable working on complex, high-profile legal and privacy matters.
• Adaptable and committed to continuous learning.