Global Data Protection & Technology Counsel (12 months FTC)

About The Bonhams Network

Founded in 1793, Bonhams is a global network of auction houses, with the largest number of international salerooms, offering the widest range of collecting categories and selling at all price points. Bonhams is recognised for its bespoke service, and a dedication to local market relationships, enhanced by a global platform. With 14 salerooms, Bonhams presents over 1,000 sales annually, across more than 60 specialist categories, including fine art, collectables, luxury, wine & spirits, and collector cars. In 2022, Bonhams added four international auction houses to its network: Bukowskis, Stockholm; Bruun Rasmussen, Copenhagen; Cornette de Saint Cyr, Paris and Brussels; and Skinner, Massachusetts. The success of Bonhams’ global strategy is a result of recognising the shift in growing intercontinental buying and increased digital engagement.

About The Role

We are seeking an experienced Global Data Protection & Technology Counsel to join our Legal & Compliance team during a period of significant digital and operational change. This is a pivotal global role within a consumer‑facing art‑market business that handles substantial volumes of customer, consignor, bidder, and transactional data across multiple jurisdictions. The ideal candidate is a strong data protection specialist who is equally comfortable providing pragmatic legal advice and driving compliance implementation. Given the business's evolving technology landscape, the role requires someone who can partner closely with Product, Technology, e‑Commerce, Operations, and regional teams to ensure privacy and data‑governance standards are embedded into new and existing systems, processes, and digital customer experiences.

Key Tasks & Responsibilities

• Data Protection & Privacy Advice – Serve as the organisation’s primary subject‑matter expert on global privacy and data protection laws (including UK GDPR, EU GDPR, and other relevant regimes). Provide clear, practical, business‑focused legal advice on data collection, use, sharing, international transfers, data retention, and lawful bases. Advise on privacy implications of digital products, customer‑facing technologies, CRM systems, online payment solutions, AI‑enabled tools, and other emerging technologies.
• Privacy Governance & Compliance – Lead the ongoing enhancement of data‑protection compliance frameworks, policies, procedures, and training globally. Oversee DPIAs, LIAs, TIAs and other privacy assessments for new tools, platforms, and business processes. Maintain and improve Records of Processing Activities (RoPA) and support ongoing audits and compliance reporting. Manage responses to data subject rights requests across multiple jurisdictions. Advise on and coordinate incident response and data‑breach management.
• Technology, Digital & e‑Commerce Enablement – Partner with Technology and Product teams on platform upgrades, data‑architecture changes, and new digital features to ensure compliance is “built in”. Support e‑commerce expansion, marketing initiatives, and customer‑journey improvements with guidance on cookies, tracking, online consent management, and profiling. Support procurement and vendor‑management teams on tech‑related contracts, including DPAs, information‑security schedules, and cloud‑services agreements.
• Cross‑Functional Collaboration – Work closely with global business units to ensure consistent privacy standards and support local privacy needs. Collaborate with Security, Operations, Marketing, HR, and regional teams to implement privacy controls and embed good data‑governance behaviours across the company. Provide training and awareness sessions tailored to business functions and risk profiles.
• Strategic Input & Transformation Support – Advise the General Counsel and senior leadership on privacy risks and requirements associated with major digital‑transformation projects. Contribute legal insight to data‑strategy planning, information‑management initiatives, and technology‑driven customer‑experience enhancements. Support the development of scalable global processes and tools that reduce friction, strengthen compliance, and future‑proof the organisation’s data‑governance framework.

Essential Skills & Experience

• Qualified lawyer (UK or equivalent) with strong experience in privacy/data protection (minimum 5–7 years PQE preferred, but flexible based on experience).
• Deep understanding of UK GDPR, EU GDPR, and global privacy trends.
• Demonstrated experience advising on data‑protection issues within a consumer‑facing, digital, or technology‑enabled environment.
• Strong track record working with or within technology, product, e‑commerce, or innovation teams.
• Hands‑on experience with compliance frameworks, data‑governance processes, DPIAs/PIAs, vendor assessments, and incident response.
• Excellent communication skills and ability to translate complex privacy concepts into actionable business guidance.
• Ability to work autonomously in a fast‑paced environment and manage competing priorities across multiple jurisdictions.

Desirable

• Experience in the art market, luxury sector, or other regulated/high‑value transaction industries.
• Familiarity with cybersecurity requirements and tech‑risk governance.
• Experience supporting global or multi‑regional organisations.
• Hands‑on experience with data‑mapping, privacy‑operations tools, and digital‑product lifecycles.

What We Offer

• 28 days holidays (including Bank Holidays), increasing to 33 with service.
• Healthcare.

If you wish to apply, please send your CV and cover letter by the 17th March 2026 at midnight. We thank you for your interest in this position but please note that we will only contact candidates chosen for further consideration. Bonhams is an Equal Opportunity Employer. As part of our commitment to fight for equality, we work to ensure a fair and consistent interview process. We celebrate diversity and we are committed to an inclusive work environment.