JD.COM
Privacy Counsel - Data, Cybersecurity & Responsible AI

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
About the role
This is a newly created position within JD Worldwide's International Legal and Compliance Department, created to support the business as it scales across the UK and EU. You will guide the business on how it handles data, privacy, cybersecurity and the responsible use of AI across its retail and marketplace operations. As JD scales, this role helps the business stay on top of a fast-moving regulatory landscape and build practical, durable privacy and AI practices across Europe.
What you'll do
- Advise the business on GDPR and UK GDPR across its retail and marketplace operations - lawful basis, transparency, data-subject rights, retention, records of processing, and international transfers
- Build privacy by design into new products, features and data flows, and lead DPIAs for higher-risk activity such as profiling, personalisation and advertising
- Guide how the business deploys AI responsibly, including EU AI Act obligations, transparency, automated decision-making, and the contracts behind AI tools and vendors
- Advise on cybersecurity and information-security obligations, including breach and incident response and the security terms in vendor and processor agreements
- Draft and negotiate data processing agreements and the data and security terms in commercial and seller contracts
- Advise on cookies, consent and marketing, and the data aspects of the DSA and DMA as they touch advertising and recommendations
- Support engagement with regulators and advise the business on enforcement risk and how to manage it
- Partner with the data protection, information security, product and engineering teams to turn regulation into practical controls
- Keep on top of the UK and EU digital-regulation pipeline and flag what matters to the business
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
What we're looking for
- A qualified solicitor or lawyer (England & Wales or equivalent EU jurisdiction; dual qualification an advantage), with 7-10 years' post-qualification experience, a good part of it in data protection
- Fluency in a second EU language an advantage - German, French, Dutch, Spanish or Portuguese all valued
- A background combining data protection work at a recognised law firm with in-house experience at a scaled e-commerce, marketplace, retail or technology business
- Strong working knowledge of GDPR and UK GDPR and a good grasp of the wider EU digital rulebook - EU AI Act, DSA, DMA and ePrivacy, with awareness of NIS2 and DORA
- Experience advising on AI governance and/or technology, and on security and breach matters, a strong advantage
- A practical, action-oriented operator who is highly organised and able to bring structure to a fast-moving environment
- A confident communicator, comfortable partnering directly with the business and seeing matters through to resolution
- Comfortable working across multiple European jurisdictions and translating complex rules into clear, commercial advice
- Comfortable working in an environment where processes and frameworks are still developing


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Why this role
JD Worldwide is scaling fast, and data, privacy and AI sit right at the centre of how a modern marketplace earns trust and stays compliant. This role offers real breadth, from day-to-day privacy advice to AI governance, cybersecurity and the newest digital regulation, with meaningful ownership of your area and direct exposure to senior leadership. For a commercially minded professional who wants to shape how a fast-growing business handles data and AI, this is a genuine opportunity to contribute to a function that is still being built.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location