Senior Data Protection & Privacy Counsel

We are seeking an experienced Data Protection & Privacy Counsel to support the upcoming EPC's initiatives focused on fraud-prevention/mitigation and their interaction with the EU data protection framework (notably under the EU General Data Protection Regulation (GDPR)).

Key Responsibilities

Provide tailored advice on data privacy and protection matters and duties

• provide tailored support to the EPC's Legal Team and Secretariat on EU data privacy and protection matters regulating and/or affecting the mandatory exchange of data for the purposes of fraud prevention and/or within a fraud information sharing arrangement (e.g., under the upcoming Payment Services Regulation (PSR) Art. 83a);

• work in close cooperation with the Risk Management function to determine the best approach to mitigate and address data privacy risks;

• work in tandem with the EPC's Legal Team to ensure full compliance with the data protection requirements (possibly) applicable on the EPC under the GDPR, as linked to the upcoming fraud information sharing-related projects;

• perform Data Protection Impact Assessments (DPIAs) as needed, and monitor their ongoing performance;

• support with the drafting of Request for Proposals (RFPs) in case independent additional support is required for the EPC to fulfil its data protection-related duties and obligations;

• interact with relevant competent Authorities (e.g., DPA and/or EDPB) if need be;

• support the preparation of relevant materials for the appropriate EPC working groups in tandem with the relevant EPC staff;

• support the EPC management and staff with queries related to data protection;

• contribute to the creation and/or amendment of internal EPC policies and procedures related to data protection, if and as needed.

Legal Advisory & Regulatory Compliance

• Provide legal advice on EU data protection and fraud prevention in tandem with the rest of the EPC legal team and the relevant EPC bodies

• Contribute to ensuring compliance of the EPC schemes and activities with the upcoming legislation (PSD3, PSR…) on data protection matters

• Advise internal teams on GDPR compliance, lawful data processing, data governance, and privacy-by-design principles

• Monitor and interpret relevant EU legislative and regulatory developments, including the GDPR, PSR and PSD3, on data protection matters

• Provide advice to management and working groups on legal and regulatory matters in coordination with the rest of the EPC legal team

• Coordinate the preparation of appropriate materials and proposals for the governing bodies and the EPC Secretariat and maintain the internal policies up to date.

• Support the EPC legal team in coordinating obligations under GDPR (DPIA) and drafting related documents (data protection agreements, frameworks, policies, etc.).

•  Although it would be nice to find someone with a 360’ view, I would restrict the cope of the activity to data protection matters. If the competences are more, very nice to have

Position Requirements

• Master’s degree in law

• Qualified to practice law in at least one EU jurisdiction

• Minimum 10 years of relevant professional experience. Preferred 15+.

• Certification as Data Protection Officer (DPO)

• Strong expertise in EU data protection and fraud prevention

• Demonstrated experience in working as DPO (at least 5 years) and in managing complex DPIA projects and data privacy assessments.

• Experience working with trade associations, competent Authorities and/or Tier 1 or 2 consulting firms is a strong advantage

• Excellent analytical and problem-solving skills

• Business-oriented and pragmatic mindset

• High level of integrity and professional ethics

• Excellent written and verbal communication skills

• Fluency in English (C1 level or above); additional European languages are an asset

• Ability to work autonomously in an international and multicultural environment

What We Offer

• Flexible freelance consulting collaboration model (the ECP is open to consider various options in terms of effort, including part-time engagements)

• A 6–9-month assignment, ideally starting in Summer 2026 (July/August)

• Presence in our Brussels office for 2 days per week; occasional travel may be required

• Opportunity to contribute to a unique project for the setup of a strategic European initiative in fraud prevention

• Dynamic and international working environment in Brussels

• Exposure to high-level regulatory and governance stakeholders