Legal Counsel, Privacy and Technology - Windsor

Legal Counsel, Privacy and Technology - Windsor

We are Centrica. We’re so much more than an energy company. We’re a family of brands revolutionising a cleaner, greener future. Working here is MoreThanACareer - we’re powered by purpose. Together we can make an impact that will truly change tomorrow. Whether you’re developing cutting-edge green tech, helping customers on the front line or simplifying operations behind the scenes. Your work here isn’t just a job – it’s a mission. We all play a vital role in energising a greener, fairer future.

We have an exciting new opportunity for a Legal Counsel, Privacy and Technology to join our Legal, Regulatory Affairs, Ethics & Compliance, and Secretariat Function (LRECS). In this role, you will be an integral part of a high-performing privacy team, reporting directly to our Group Data Protection Officer (DPO). You will play a crucial role in achieving the privacy and technology objectives for Centrica Group and the broader legal function.

Your responsibilities will include managing daily privacy and associated technology risks and providing privacy services to the commercial and technology sectors of our business. Additionally, you will support a variety of legal tasks, including assisting our customer-facing business, British Gas, and overseeing the procurement of goods and services. You will also be required on occasion to deputise as DPO.

Location: We work flexibly in line with our Flexible First working arrangements believing that empowered colleagues are happier and more productive. The successful candidate will, however, need to be comfortable commuting to our Windsor office on a weekly basis and on some occasions, more frequently and also to our other locations as may be needed.

What will you do? The role is a broad privacy position with a focus on balancing the need for clear and pragmatic privacy advice while ensuring compliance with the laws and regulations governing the supply of energy and services to consumers and businesses. Key accountabilities will include:

1. Deliver high quality, high impact, high value privacy support across the business with the right balance of risk awareness and pragmatism.
2. Support the businesses in managing operational and regulatory risks, including the development and delivery of key policies, training and guidance to the business to better manage privacy and technology related risk.
3. Support the Centrica DPO in fulfilling their legal responsibilities and also deputise on occasion.
4. Advise and input on data protection clauses, transfer risk assessments, data protection impact assessments, maintenance of Article 30 Record of Processing Activities, customer rights requests, personal data breach risk assessment and reporting, cyber security obligations and artificial intelligence risk assessments.
5. Advise, review and input into contracts from a privacy and technology perspective.
6. Provide privacy advice to stakeholders on key business decisions, policy and customer journeys.
7. Develop strong stakeholder relationships and networks within the function and the other business units to support the delivery of objectives and the management of risk.

Who are we looking for? You will be a qualified Lawyer who can bring a strong working knowledge of GDPR, PECR, the EU Artificial Intelligence Act and Network and Information Security (NIS) requirements and a good understanding of other major privacy and cyber security frameworks. Ideally with a privacy/technology certificate/qualification, the diverse nature of this role requires someone who can consistently demonstrate a highly flexible and inquisitive approach, not only in service delivery but also across various legal tasks.

You should be adept at managing a wide range of internal and external stakeholders, prioritising effectively, and delivering high-quality, practical work. The ideal candidate will possess a strong understanding of privacy, artificial intelligence, technology, and information security law both within the UK and Europe. Additionally, familiarity with the UK home energy management market would be beneficial.

It would be advantageous if you could also bring the following:

1. Experience of delivering successfully in a challenging, fast paced environment, preferably in-house.
2. Experience of drafting data protection clauses and inputting into contracts from a privacy perspective is required.
3. A keen interest in the relationship between privacy and technological developments/innovation would be an advantage.
4. Ability to express complex concepts in plain and simple language.
5. Pragmatic and clear advice focussed on delivering solutions.
6. Interpretation of and advice on regulatory and compliance requirements, balancing risk and commercial objectives.