Rodeo
ResourcesPartnersSign in

Herbert Smith Freehills

Data Privacy Lawyer

London
Posted 12 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Data Privacy Manager

About Herbert Smith Freehills Kramer

Herbert Smith Freehills Kramer is a world-leading global law firm, where our ambition is to help you achieve your goals. Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why so many are longstanding.

We enjoy breaking new ground, as we have for over 170 years. As a fully integrated transatlantic and transpacific firm, we are where you need us to be. Our footprint is extensive across the world’s largest markets, key financial centres, and major growth hubs.

At our best, we tackle complexity and navigate change, working alongside clients on demanding litigation, regulatory work, and complex public and private market transactions. We are recognised as leaders in these areas, particularly in energy, infrastructure and resources, while also focusing on areas of growth that affect every business globally.

All of this is achieved by supporting the growth of our people, who help us deliver on our ambition: to help you achieve yours.


The Opportunity

The Role / Primary Responsibilities are centered within the General Counsel & Risk team as part of our global risk and compliance function. This role has a global remit and key areas of focus include:

Core Responsibilities

  • Managing Data Protection Impact Analysis (DPIA) Process

    • Risk assessing new systems, processing activities, and suppliers
    • Collaborating with project owners and IT Security
  • Supply Chain & Contractual Risks

    • Working with Procurement and contract owners to manage data protection (DP) risks
    • Ensuring appropriate contractual protections (with input from legal Subject Matter Experts (SMEs))
  • AI Risk Assessment Committee

    • Assisting with onboarding new AI tools, including data protection risk assessments
    • Advising on and implementing protections to mitigate risks tied to proposed AI tools

Supporting Responsibilities (Reporting to the Senior Data Privacy Manager)

  • Policy Development & Compliance
    • Developing, managing, and implementing global data protection (DP) policies, standards, guidelines, and procedures, including intra-group transfer agreements

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

  • Operational Support

    • Handling day-to-day operational issues and incidents
    • Privacy by design and mapping/controls of data flows
    • Understanding the firm’s activities in collection, processing, access, ownership, location, cross-border transfers, and destruction of personal data
    • Monitoring adherence to retention periods and deletion protocols
    • Maintaining an incident register
  • Client & Audit Engagement

    • Advising on privacy terms in client retainer documentation
    • Cooperating with Information Security and business teams to address client requests for information and audits
  • Data Subject Requests

    • Responding to requests for correction, erasure, access, and data portability (with input from legal SMEs or HR as needed)
    • Maintaining relevant documentation and registers
  • Education & Awareness

    • Developing privacy education programs and other outreach methods
    • Ensuring data protection risks remain a business priority
    • Advising senior business services managers on evolving data protection concerns
  • Audit & Assurance

    • Supporting client audits regarding privacy concerns
    • Conducting privacy compliance reviews of specific offices and business functions
    • Assisting internal audits on data processing and activities while addressing internal/external audit findings
  • Risk Assessments & Reporting

    • Maintaining the firm’s data privacy risk assessments
    • Updating privacy impact assessments for each jurisdiction
    • Contributing to CXO-level committees and monitoring jurisdictional compliance laws
  • Strategic Collaboration

    • Preparation of quarterly plans and input into the firm’s Information Security report
    • Building strong stakeholder relationships (especially with IT and Legal teams)

Qualifications & Experience

Education

  • Degree educated (technical degree or law degree preferred)

Experience & Competencies

  • Minimum 3 years’ experience in:
    • Data privacy
    • Data governance
    • Information security
  • (Alternatively, consideration may be given to candidates with less experience who can demonstrate equivalent competencies.)

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Core Knowledge

  • Strong understanding of the GDPR
  • Good awareness of data protection laws in other jurisdictions
  • Technical fluency in IT systems, technologies, standards, and frameworks (especially ISO 27001, control frameworks)
  • Expertise in AI, including data protection risks associated with AI implementation

Skills & Attributes

  • Ability to liaise effectively with both lawyers and IT staff
  • Analytical skills for identifying and addressing data protection risks
  • Experience in drafting and monitoring policies and adherence to processes
  • Adaptable, diligent, and proactive
  • Relational strength for building meaningful partnerships

Working Pattern

  • Full-time permanent role
  • Located in London
  • Contract type: Permanent

Diversity & Inclusion

We are committed to fostering a respectful, inclusive culture where people thrive. At Herbert Smith Freehills Kramer, we prioritise creating a work environment where diverse backgrounds and perspectives can flourish.

Our Values—Human, Bold, and Outstanding guide us in achieving sustained innovation and growth. By valuing diversity, we align your growth with the firm’s, investing in your ambition while fostering shared goals of success.


Why Work With Us

As a leading global law firm of 6,000+ professionals, we operate in the world’s most critical markets across legal, regulatory, and transactional services. Our clients face diverse and pressing challenges, and our curiosity-driven culture encourages exploration of technology and digital transformation.

We strive to make a positive impact globally, building culturally rich workplaces through our ** diversity and openness**. Together, our ambition is to grow—alongside yours—and achieve meaningful, lasting results. For us, boldness and ambition aren’t defined by hierarchy but by understanding, collaboration, and mutual growth.

Herbert Smith Freehills Kramer: Your Growth. Our Ambition.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Data Privacy
GDPR
DPIA
AI Risk Assessment
Data Governance
Information Security
ISO 27001
Risk Management
Policy Drafting
Compliance Monitoring
Cross-border Data Transfers
Privacy by Design

Location

London, England, United Kingdom

Sign up to applySee more jobs like this