Privacy Counsel/Manager

Are you passionate about data privacy, cyber security and eager to make a real-world impact? Join L'Oréal, a global leader in beauty, and help us navigate the evolving landscape of data privacy. As our Privacy Counsel/Manager, you'll play a key role in ensuring we uphold the highest ethical standards while delivering exceptional experiences for our consumers worldwide. Reporting into the Head of Data Privacy Legal & Data Protection Officer (DPO) for L'Oréal UKI, you will work across all business areas including marketing, digital, HR, retail, and IT security.

• Drafting and negotiating commercial agreements relating to data protection, including outsourcing and data transfer agreements.
• Reviewing new projects for data protection risks and assisting with developing appropriate and pragmatic solutions to ensure risks are mitigated and privacy by design principles are incorporated.
• Supporting business partners in managing data subject requests and data security incidents.
• Supporting the DPO in managing local and global governance initiatives.
• Overseeing the development and maintenance of data privacy-related policies and guidance.
• Delivering and supporting a data privacy training and awareness programme.
• Keeping up to date with changes in legislation or guidance, assessing their impact, and advising relevant teams accordingly.
• Stakeholder management, working closely with IT Security colleagues to support in their governance programme.

• Strong planning and organisation skills; able to re‑prioritise as required.
• Ability to track the success of campaigns and initiatives, including showing ROI.
• High degree of accuracy and attention to detail, meeting deadlines.
• Entrepreneurial mindset; spotting opportunities to drive growth for the brand and customers.
• Creative thinking; excellent at overcoming challenges or creating inspiring presentations.
• Ability and confidence to know when to seek help, liaise with DPO and other teams at both a local and global level.
• Work autonomously and reprioritise workload as new questions or projects arise.
• Apply commercial judgement, evaluating and advising the business on risk.
• Simplify and make relevant a complex legal or regulatory solution for the business to apply.
• Strong interpersonal skills, able to communicate effectively at all levels and adopt a flexible style to suit a variety of stakeholders.
• Build strong networks with, and gain the trust of, colleagues across the business by sharing best practice and bringing a solutions‑driven approach.

• 4 years+ qualified lawyer or equivalent privacy‑related experience, reflective of the experience needed to enter the business and be effective in this role.
• Experience advising on privacy in either a well‑respected private practice or in‑house environment/consultancy, including advising on ePrivacy Regulations in the context of digital advertising.
• Strong interest and experience in data privacy and cyber security.