Location: Dunstable, (LU5 5XE) hybrid working (3 days per week in the office)
Salary: £100,000 - £120,000 depending on experience, £5,650 car allowance, plus bonus up to 30%, pension matched to 10%, family health cover, sharesave scheme
Reports To: Legal Director
We’re now looking for a Senior Legal Counsel to join our Legal team. This is a high profile but supportive role where you’ll be empowered to shape how data protection, AI governance, and wider compliance work across the business, with real backing from senior leaders and the space to do things well.
About the role
This role combines data privacy leadership with a broader compliance and AI governance remit, offering real variety and the opportunity to build sustainable, practical frameworks that enable the business to move forward with confidence. Roughly 60% of the role focuses on data protection, with the remaining 40% covering wider legal compliance, governance, and AI related matters.
What you’ll be doing
Data Protection (UK led, with international exposure)
* Lead UK data protection compliance across the full consumer and employee data lifecycle
* Develop, maintain, and embed clear, workable data protection policies and governance frameworks
* Manage Whitbread’s relationship with its outsourced UK DPO
* Provide guidance and support to our teams in Ireland and Germany
* Oversee DPIAs, ROPAs, DSARs and data related disputes
* Draft and negotiate data processing and data sharing agreements
* Work closely with IT and digital teams to ensure privacy by design is built into new initiatives from the outset
AI, Compliance & Governance
Alongside data privacy, you’ll play an important role in shaping Whitbread’s approach to AI and wider legal compliance, including:
* Acting as the legal subject matter expert on AI regulation and emerging legal developments
* Playing an active role on Whitbread’s AI Governance Forum, supporting responsible and effective decision making
* Advising on AI governance frameworks, including oversight of AI use by third party suppliers
* Supporting the business to enable the safe, compliant, and ethical use of AI, balancing innovation with appropriate safeguards
* Code of Conduct governance and communications
* Competition law risk management and training
* Anti bribery and corruption frameworks
* Supporting compliance reporting to the Audit Committee
You don’t need to be a subject matter expert in every one of these areas. What matters most is a passion for developing, embedding, and improving legal compliance and governance frameworks in a practical, business focused way.
What we’re looking for
We’re more interested in good judgement, curiosity, and a collaborative mindset than a rigid checklist. That said, you’ll likely bring:
* Qualification as a lawyer with around 5+ years’ PQE
* Experience in UK data protection law (EU exposure helpful but not essential)
* Experience working with significant volumes of consumer and/or employee data (B2C experience important)
* An interest in, or exposure to, AI regulation and governance, and a willingness to stay close to emerging developments
* The ability to write clear, practical policies and guidance
* Confidence working with senior stakeholders in a complex organisation
* A pragmatic, solutions focused approach
* Private practice or in house backgrounds are welcome.
What kind of person thrives here?
People who enjoy this role tend to be:
* Approachable, positive, and collaborative
* Comfortable taking ownership, while working closely with others
* Commercially minded and practical
* Curious about emerging technologies and how the law can enable responsible innovation
* Motivated by building things that last and make a real difference
#J-18808-Ljbffr