Legal Counsel; Privacy & AI Governance

Requirements

• A strong track record of privacy and data protection legal advice, ideally in-house or advising digital, tech, or consumer-facing businesses, with the confidence to apply UK GDPR, DPA 2018, and PECR to novel fact patterns, not just textbook scenarios
• Genuine enthusiasm for legal technology and AI tools, with hands‑on experience experimenting with or deploying solutions that make legal teams work smarter
• Experience drafting and negotiating data protection contracts, including DPAs and cross-border transfer mechanisms, alongside working knowledge of AI governance and cyber regulatory obligations
• The ability to engage credibly with product, engineering, and commercial stakeholders, translating legal risk into clear guidance that enables delivery rather than blocking it
• If this sounds like the place where you can do your best work, we’d love to hear from you, even if you don’t tick every box. It’s not about ticking every box. It’s about turning up curious, ready to crack on

• As our next Legal Counsel, Privacy & AI Governance, you’ll be the go‑to expert on some of the most genuinely interesting legal questions Checkatrade is working through right now
• As our platform scales new products, new AI capabilities, new partnerships, you’ll sit at the intersection of data protection, AI governance, and cyber regulation, giving the business advice that’s useful and not just defensible
• You’ll sit within a collaborative legal team that’s nominated for In‑House Team of the Year and you’ll have real space to build: smarter tools, better processes, and a legal function that scales with the business
• Advising product, commercial, and operational teams on data protection and privacy law, giving practical, risk‑calibrated guidance that keeps delivery moving and keeps the business on the right side of the law
• Drafting and negotiating data protection agreements, including DPAs, SCCs, data sharing arrangements, and privacy provisions across commercial contracts
• Leading DPIAs and AI risk assessments from day one, working hand‑in‑hand with product and engineering to make sure new features and third‑party integrations are built right from the outset
• Advising on AI governance and regulatory obligations, including lawful basis, training data governance, automated decision‑making and profiling under UK GDPR, and translating the evolving UK AI regulatory landscape into clear, actionable guidance
• Owning the legal side of cyber and information security obligations, including NIS2 and the UK Cyber Security and Resilience Bill, and leading legal risk assessment and regulatory notification when incidents occur
• Spotting opportunities to make legal work better, including identifying and building legal AI solutions, testing new tools, and rolling out workflow improvements that help the whole team do more with less