- Advise on EU GDPR, and other privacy laws across the UK, US, and LATAM
- Draft, review, and negotiate Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs)
- Manage Data Subject Rights Requests (access, deletion, portability, etc.) within statutory deadlines
- Oversee Data Protection Impact Assessments (DPIAs) and ensure privacy-by-design in product and research processes
- Monitor cross-border data transfers and manage Transfer Impact Assessments (TIAs)
- Maintain and enhance Appinio's internal privacy policies and compliance frameworks
- Conduct internal audits and risk reviews, driving continuous improvement
- Track new regulatory developments and translate them into actionable business guidance
- Partner with commercial legal to ensure contracts align with privacy obligations
- Support due diligence processes and respond to client security and privacy questionnaires
- Advise on lawful use of personal data in marketing, research, and product innovation
- Act as the contact point for data breach response and regulator communications
- Identify and mitigate privacy and compliance risks across departments
- Coordinate with external advisors and DPOs on high-risk or complex matters
- Collaborate with Product and Data teams to ensure responsible data and AI use
- Review new tools, APIs, and technologies for compliance implications