ESTO Group
Privacy Counsel
ESTO Group, Estonia, 5 hours ago
Full-time, Remote Friendly, Legal
PRIVACY COUNSEL

We are seeking an engaged, business-oriented Privacy Counsel to lead and evolve ESTO’s privacy program across the Baltics. You will own our annual GDPR roadmap, provide practical, risk-based advice to cross-functional teams, and help embed compliant, scalable ways of working across products, technology, operations, risk, and commercial teams. You will be a visible partner to leadership and help ESTO deliver innovative financial services while protecting customer trust.

WHAT YOU WILL DO:

  • Own and deliver ESTO’s annual privacy plan, aligning priorities with business goals and regulatory expectations across Estonia, Latvia, and Lithuania.
  • Act as a key member of ESTO’s privacy network, working closely with the Chief Legal Officer, the Data Protection Officer and internal business stakeholders.
  • Provide day-to-day counsel on data protection issues, including:
      • Records of Processing Activities (RoPA) maintenance and reviews.
      • Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs).
      • Transfer Impact Assessments (TIAs) and cross-border data transfer mechanisms (e.g., SCCs).
      • Vendor and data processing agreements, including vendor due diligence and ongoing oversight.
      • Cookie/consent management and ePrivacy requirements for web and mobile.
      • Automated decision-making and profiling.
  • Partner with product and engineering to embed data protection by design and by default into new products, features, scoring models, analytics, fraud prevention, and merchant/partner integrations.
  • Support the handling of data subject requests, as well as incident and breach response, including investigations, notifications, corrective actions, and lessons learned.
  • Monitor regulatory developments and translate them into clear, actionable guidance and processes.
  • Prepare materials and deliver training to increase privacy awareness and accountability across teams.
  • Contribute to internal audits, controls testing, and readiness for regulator inquiries; coordinate with local data protection authorities as needed.
  • Track metrics and KPIs to measure program effectiveness and drive continuous improvement.

WHO YOU ARE:

  • EU-qualified lawyer with a minimum of 3+ years of post-qualification experience.
  • Experience advising on GDPR and related regulatory requirements in a fast-paced environment, ideally within fintech, payments, BNPL, lending, or broader financial services.
  • Proven ability to implement privacy projects end-to-end: mapping data, conducting DPIAs/LIAs/TIAs, managing data subject requests and incidents, remediating risks, and operationalizing controls.
  • Strong commercial acumen with the ability to give pragmatic, outcome-focused advice that balances risk and growth.
  • Comfortable working independently and taking ownership, while being a collaborative team player who builds trust across functions.
  • Excellent communication skills in English and Estonian, both spoken and written.
  • Nice-to-have skills: experience with consumer credit and marketing privacy issues, credit bureau data, AML/KYC data processing, and retention strategies; an understanding of information security-related regulations and standards; and a track record of engaging with Baltic DPAs and/or other regulators.

WE OFFER:

🌟 Be Part of Something BIG: Gain hands-on experience in a fast-growing fintech company.

🤝 Work with the Best: Join a tight-knit, highly skilled team where open communication and collaboration drive success.

🏡 Work Your Way: Enjoy a hybrid setup, balancing office time and remote work to suit your lifestyle.

🛡️ We’ve Got You Covered: Benefit from sick leave compensation, Stebby, additional health days, and a flexible work environment that prioritizes your well-being.

🎉 Stay Active and Connected: Take birthday leave, join fun team events, and enjoy plenty of opportunities to unwind.
