Legal Counsel, Data Privacy & Technology

We have an exciting new opportunity for a Legal Counsel, Privacy and Technology to join our Legal, Regulatory Affairs, Ethics & Compliance, and Secretariat Function (LRECS). In this role, you will be an integral part of a high-performing privacy and technology team, reporting directly to our Group Data Protection Officer (DPO). You will play a crucial role in delivering for the Centrica Group and the wider legal function's objectives from a privacy, technology and cyber perspective.

Key requirements will be managing the privacy and associated technology risks to our business on a day-to-day basis and the ability to deliver privacy services to the commercial and technology led parts of the business. You will support a wide variety of legal work including supporting the customer facing businesses of Centrica as well as the procurement of goods and services.

Location: We work flexibly in line with our Flexible First working arrangements believing that empowered colleagues are happier and more productive. The successful candidate will, however, need to be comfortable commuting to our Windsor office on a weekly basis and on some occasions more frequently, as well as to our other locations as may be needed.

What will you do?

This is a broad privacy and technology role focused on delivering clear, pragmatic advice while ensuring compliance with laws governing energy and related services.

Key Responsibilities:

• Provide high-quality, risk-aware privacy support across the business.
• Help manage operational and regulatory risks through policies, training, and guidance.
• Support the Centrica DPO in meeting legal obligations.
• Advise on data protection clauses, transfer risk assessments, DPIAs, Article 30 records, customer rights requests, breach assessments, NIS obligations, and AI risk assessments.
• Review and input into contracts from a privacy and technology perspective.
• Offer privacy guidance on key business decisions, policies, and customer journeys.
• Build strong stakeholder relationships across functions to deliver objectives and manage risk.

Here's who we're looking for:

A qualified Lawyer with strong knowledge of GDPR, PECR, the EU AI Act, NIS requirements, and other major privacy and cybersecurity frameworks. Ideally, you'll hold a privacy or technology-related certification and bring a flexible, inquisitive approach to diverse legal tasks.

You should be confident managing stakeholders, prioritising effectively, and delivering practical, high-quality advice. A solid understanding of privacy, AI, technology, and information security law in the UK and Europe is essential; familiarity with the UK home energy management market is a plus.

Requirements:

• Proven success in a fast-paced, challenging environment (preferably in-house).
• Experience drafting data protection clauses and advising on contracts.
• Strong interest in privacy and emerging technologies.
• Ability to build relationships with senior leaders and provide pragmatic, risk-based advice.
• Comfortable working on complex, high-profile legal and privacy matters.
• Adaptable and committed to continuous learning.