What is the salary for this Data Privacy Counsel role?

Salary information is not publicly listed for this position. Apply directly to discuss compensation with Montu Uk.

Where is this Data Privacy Counsel position located?

This is an on-site position at Montu Uk located in Remote.

How do I apply for this Data Privacy Counsel job at Montu Uk?

Click the 'Apply' button on this page to be redirected to Montu Uk's application portal. Make sure to have your resume ready and tailor your application to highlight relevant experience.

Montu Uk is actively hiring for Legal roles. Visit the company page to see all open positions and learn more about working at Montu Uk.

Data Privacy Counsel

Montu Uk Remote Today

legal

About the role

Montu UK is hiring a Data Privacy Counsel to lead and elevate our privacy, data protection and information governance across the UK business. You’ll embed robust UK GDPR / DPA 2018 / PECR compliance into our telehealth clinic (Alternaleaf) and online pharmacy, enabling innovation while protecting patient trust.

This is a hands-on, high-impact role at the heart of a regulated digital health scale-up - partnering with Clinical, Pharmacy, Product/Engineering, Governance and Operations to make privacy practical, scalable and “baked in” from day one.

Key responsibilities

Compliance & governance

Own and improve Montu UK’s privacy compliance framework (UK GDPR, DPA 2018, PECR and healthcare information requirements).
Maintain core privacy artefacts (RoPA, policies, DPIA framework, retention, cookie/marketing practices) and produce clear internal reporting.
Act as the UK privacy SME across the business, translating regulation into workable outcomes.

Advisory & stakeholder partnership

Advise senior leaders and cross-functional teams (Clinical, Pharmacy, Governance, Product/Engineering, Customer Support) on privacy-by-design and data ethics.
Support new and existing products/workflows (telehealth, patient portal, remote prescribing, pharmacy systems) through DPIAs/LIAs, risk assessments and pragmatic controls.
Guide on controller/processor roles, vendor due diligence, cybersecurity expectations and international transfers (including TIAs as needed).

Contracting & regulator interface

Draft, review and negotiate DPAs, data-sharing agreements and privacy/security schedules across commercial and vendor contracts.
Serve as DPO for Montu UK group companies and act as primary contact for the ICO on UK processing activities.

Enablement & culture

Build a strong privacy culture through training, awareness and simple guidance that teams actually use.
Help teams move fast safely - balancing compliance with patient access, innovation and commercial goals.

Required knowledge, skills and experience

UK-qualified solicitor/barrister with c. 3–6 years PQE focused on privacy/data protection (in-house or private practice).
Strong working knowledge of UK GDPR, DPA 2018, PECR and handling special category health data in regulated contexts.
Proven experience designing or running privacy compliance programmes (RoPA, DPIAs, policies, training, incident readiness).
Confident drafting/negotiating DPAs, data-sharing agreements and privacy/security provisions.
Comfortable operating autonomously in a high-growth, mission-driven environment and influencing technical and non-technical stakeholders.

Desirable attributes

Digital health / telemedicine / online pharmacy experience (particularly specialist medicines/controlled drugs).
Familiarity with NHS DSP Toolkit and UK information governance standards.

About Montu

Montu UK is a leading digital health company specialising in cannabis-based medicines (CBPM). We are committed to transforming lives by improving access to safe, effective treatments and offering an exceptional standard of care. Our dynamic and supportive work environment is the perfect place for you to grow professionally while making a meaningful impact on patients’ lives.