-
View all jobs
PRIVACY COUNSEL
We are seeking an engaged, business-oriented Privacy Counsel to lead and evolve ESTO’s privacy program across the Baltics. You will own our annual GDPR roadmap, provide practical, risk-based advice to cross-functional teams, and help embed compliant, scalable ways of working across products, technology, operations, risk, and commercial teams. You will be a visible partner to leadership and help ESTO deliver innovative financial services while protecting customer trust.
WHAT YOU WILL DO:
🌟 Be Part of Something BIG: Gain hands-on experience in a fast-growing fintech company.
🤝 Work with the Best: Join a tight-knit, highly skilled team where open communication and collaboration drive success.
🏡 Work Your Way: Enjoy a hybrid setup, balancing office time and remote work to suit your lifestyle.
🛡️ We’ve Got You Covered: Benefit from sick leave compensation, Stebby, additional health days, and a flexible work environment that prioritizes your well-being.
🎉 Stay Active and Connected: Take birthday leave, join fun team events, and enjoy plenty of opportunities to unwind.
We are seeking an engaged, business-oriented Privacy Counsel to lead and evolve ESTO’s privacy program across the Baltics. You will own our annual GDPR roadmap, provide practical, risk-based advice to cross-functional teams, and help embed compliant, scalable ways of working across products, technology, operations, risk, and commercial teams. You will be a visible partner to leadership and help ESTO deliver innovative financial services while protecting customer trust.
WHAT YOU WILL DO:
- Own and deliver ESTO’s annual privacy plan, aligning priorities with business goals and regulatory expectations across Estonia, Latvia, and Lithuania.
- Act as a key member of ESTO’s privacy network, working closely with the Chief Legal Officer, the Data Protection Officer and internal business stakeholders.
- Provide day-to-day counsel on data protection issues, including:
- Records of Processing Activities (RoPA) maintenance and reviews.
- Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs).
- Transfer Impact Assessments (TIAs) and cross-border data transfer mechanisms (e.g., SCCs).
- Vendor and data processing agreements, including vendor due diligence and ongoing oversight.
- Cookie/consent management and ePrivacy requirements for web and mobile.
- Automated decision-making and profiling.
- Partner with product and engineering to embed data protection by design and by default into new products, features, scoring models, analytics, fraud prevention, and merchant/partner integrations.
- Support the handling of data subject requests, as well as incident and breach response, including investigations, notifications, corrective actions, and lessons learned.
- Monitor regulatory developments and translate them into clear, actionable guidance and processes.
- Prepare materials and deliver training to increase privacy awareness and accountability across teams.
- Contribute to internal audits, controls testing, and readiness for regulator inquiries; coordinate with local data protection authorities as needed.
- Track metrics and KPIs to measure program effectiveness and drive continuous improvement.
- EU-qualified lawyer with minimum 3+ years of post-qualification experience.
- Experience advising on GDPR and related regulatory requirements in a fast-paced environment, ideally within fintech, payments, BNPL, lending, or broader financial services.
- Proven ability to implement privacy projects end-to-end: mapping data, conducting DPIAs/LIAs/TIAs, managing data subject requests and incidents, remediating risks, and operationalizing controls.
- Strong commercial acumen with the ability to give pragmatic, outcome-focused advice that balances risk and growth.
- Comfortable working independently and taking ownership, while being a collaborative team player who builds trust across functions.
- Excellent communication skills in English and Estonian, both spoken and written;
- Nice to have skills: Experience with consumer credit and marketing privacy issues, credit bureau data, AML/KYC data processing, and retention strategies. Understanding of information security related regulations and standards. Track record engaging with Baltic DPAs and/or other regulators.
🌟 Be Part of Something BIG: Gain hands-on experience in a fast-growing fintech company.
🤝 Work with the Best: Join a tight-knit, highly skilled team where open communication and collaboration drive success.
🏡 Work Your Way: Enjoy a hybrid setup, balancing office time and remote work to suit your lifestyle.
🛡️ We’ve Got You Covered: Benefit from sick leave compensation, Stebby, additional health days, and a flexible work environment that prioritizes your well-being.
🎉 Stay Active and Connected: Take birthday leave, join fun team events, and enjoy plenty of opportunities to unwind.
Key Skills
Ranked by relevance
gdpr
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Group Privacy Lawyer
2026-06-15
Full-time
Not Applicable
Estonia
Financial Services
Legal
View Job Details
Related
Privacy and Compliance Analyst
2026-06-17
Full-time
Associate
Canada
Internet Marketplace Platforms
Legal
Login to Apply
- Posted
- Nov 14, 2025
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Tallinn
- Company
- ESTO Group
Industries
Financial Services
Categories
Legal
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Group Privacy Lawyer
2026-06-15
Full-time
Not Applicable
Estonia
Financial Services
Legal
View Job Details
Related
Privacy and Compliance Analyst
2026-06-17
Full-time
Associate
Canada
Internet Marketplace Platforms
Legal