At a Glance
- Tasks: Lead data privacy initiatives and ensure compliance with UK regulations in a digital health setting.
- Company: Montu UK, a pioneering digital health company focused on cannabis-based medicines.
- Benefits: Dynamic work environment, professional growth opportunities, and the chance to make a real impact.
- Why this job: Join a mission-driven team and help shape the future of patient care through innovative privacy practices.
- Qualifications: UK-qualified solicitor/barrister with 3-6 years of experience in privacy/data protection.
- Other info: Be part of a supportive culture that values your contributions and encourages personal development.
The predicted salary is between 36000 - 60000 ÂŁ per year.
Montu UK is hiring a Data Privacy Counsel to lead and elevate our privacy, data protection and information governance across the UK business. You'll embed robust UK GDPR / DPA 2018 / PECR compliance into our telehealth clinic (Alternaleaf) and online pharmacy, enabling innovation while protecting patient trust. This is a handsâon, highâimpact role at the heart of a regulated digital health scaleâup - partnering with Clinical, Pharmacy, Product/Engineering, Governance and Operations to make privacy practical, scalable and "baked in" from day one.
Key responsibilities
- Compliance & governance
- Own and improve Montu UK's privacy compliance framework (UK GDPR, DPA 2018, PECR and healthcare information requirements).
- Maintain core privacy artefacts (RoPA, policies, DPIA framework, retention, cookie/marketing practices) and produce clear internal reporting.
- Act as the UK privacy SME across the business, translating regulation into workable outcomes.
- Advisory & stakeholder partnership
- Advise senior leaders and crossâfunctional teams (Clinical, Pharmacy, Governance, Product/Engineering, Customer Support) on privacyâbyâdesign and data ethics.
- Support new and existing products/workflows (telehealth, patient portal, remote prescribing, pharmacy systems) through DPIAs/LIAs, risk assessments and pragmatic controls.
- Guide on controller/processor roles, vendor due diligence, cybersecurity expectations and international transfers (including TIAs as needed).
- Contracting & regulator interface
- Draft, review and negotiate DPAs, dataâsharing agreements and privacy/security schedules across commercial and vendor contracts.
- Serve as DPO for Montu UK group companies and act as primary contact for the ICO on UK processing activities.
- Enablement & culture
- Build a strong privacy culture through training, awareness and simple guidance that teams actually use.
- Help teams move fast safely - balancing compliance with patient access, innovation and commercial goals.
Required knowledge, skills and experience
- UKâqualified solicitor/barrister with c. 3â6 years PQE focused on privacy/data protection (inâhouse or private practice).
- Strong working knowledge of UK GDPR, DPA 2018, PECR and handling special category health data in regulated contexts.
- Proven experience designing or running privacy compliance programmes (RoPA, DPIAs, policies, training, incident readiness).
- Confident drafting/negotiating DPAs, dataâsharing agreements and privacy/security provisions.
- Comfortable operating autonomously in a highâgrowth, missionâdriven environment and influencing technical and nonâtechnical stakeholders.
Desirable attributes
- Digital health / telemedicine / online pharmacy experience (particularly specialist medicines/controlled drugs).
- Familiarity with NHS DSP Toolkit and UK information governance standards.
About Montu
Montu UK is a leading digital health company specialising in cannabisâbased medicines (CBPM). We are committed to transforming lives by improving access to safe, effective treatments and offering an exceptional standard of care. Our dynamic and supportive work environment is the perfect place for you to grow professionally while making a meaningful impact on patients' lives.
Data Privacy Counsel in London employer: Montu UK
Contact Detail:
Montu UK Recruiting Team
StudySmarter Expert Advice đ¤Ť
We think this is how you could land Data Privacy Counsel in London
â¨Tip Number 1
Network like a pro! Reach out to folks in the digital health space, especially those working with privacy and data protection. Attend industry events or webinars to make connections that could lead to job opportunities.
â¨Tip Number 2
Show off your expertise! Prepare to discuss your knowledge of UK GDPR, DPA 2018, and PECR during interviews. Bring real-life examples of how you've implemented privacy compliance in past roles to the table.
â¨Tip Number 3
Be proactive! If you see a job opening at Montu UK, donât just apply through the usual channels. Use our website to submit your application and follow up with a friendly email to express your enthusiasm for the role.
â¨Tip Number 4
Prepare for scenario-based questions! Think about how you would handle specific privacy challenges in a telehealth setting. This will show interviewers that you can think on your feet and apply your knowledge practically.
We think you need these skills to ace Data Privacy Counsel in London
Some tips for your application đŤĄ
Tailor Your CV: Make sure your CV is tailored to the Data Privacy Counsel role. Highlight your experience with UK GDPR, DPA 2018, and any relevant compliance frameworks. We want to see how your skills align with our needs!
Craft a Compelling Cover Letter: Your cover letter should tell us why you're the perfect fit for Montu UK. Share specific examples of how you've successfully navigated privacy compliance in the past. This is your chance to shine!
Showcase Your Stakeholder Skills: In your application, emphasise your ability to work with cross-functional teams. We value collaboration, so let us know how you've partnered with different departments to achieve privacy goals.
Apply Through Our Website: Don't forget to apply through our website! Itâs the best way for us to receive your application and ensures youâre considered for this exciting opportunity at Montu UK.
How to prepare for a job interview at Montu UK
â¨Know Your Regulations
Make sure you brush up on UK GDPR, DPA 2018, and PECR before the interview. Being able to discuss these regulations confidently will show that you understand the legal landscape Montu operates in and can translate complex regulations into practical solutions.
â¨Showcase Your Experience
Prepare specific examples from your past roles where you've successfully implemented privacy compliance programmes or handled data protection issues. This will help demonstrate your hands-on experience and how you can bring value to Montu's privacy framework.
â¨Understand the Business
Familiarise yourself with Montu's services, especially their telehealth clinic and online pharmacy. Understanding how privacy impacts these areas will allow you to speak more effectively about how you can support their goals while ensuring compliance.
â¨Engage with Stakeholders
Think about how you would approach advising cross-functional teams on privacy matters. Be ready to discuss strategies for building a strong privacy culture and how you can make compliance practical and scalable across the organisation.