At Brodies LLP, we value and respect all colleagues as individuals. As a UK law firm headquartered in Scotland, we believe that the experiences and perspectives of a diverse workforce that reflects our communities, and the clients we serve, allows us to see the world through many lenses.
As the largest firm in our jurisdiction measured by income, directory rankings, and lawyer numbers, the progress we continue to make is testament to the commitment of our colleagues.
In the last three years, our firm's revenue has grown by 20%, and we have welcomed almost 100 new colleagues. Today, we have more than 800 colleagues and offices in Aberdeen, Edinburgh, Glasgow, Inverness, London, Abu Dhabi and Brussels.
JOB TITLE
Associate (4+ years PQE) – Data Protection and Information Law (Commercial Services)
This role can be based in any of our offices in Edinburgh, Glasgow, Aberdeen or Inverness.
REPORTING TO
Grant Campbell and Martin Sloan, Partners
JOB PURPOSE
We currently have an opportunity for an associate to join our highly regarded data protection and information law team, which is part of our commercial services practice. This team is recognised as the leading data protection and information law practice in Scotland and is top ranked in Chambers and Partners for its work. The team handles both transactional and advisory work for global organisations, other major corporates, technology vendors and a range of public authorities and charities across the UK.
The ideal candidate will possess robust expertise in advising clients on a wide array of data protection and privacy matters. This includes providing transactional support, offering advisory services, and ensuring regulatory compliance. In this role, you will work with a diverse client base across multiple sectors, delivering pragmatic and high-quality legal advice to help organisations navigate the complexities of data protection laws.
CORE TASKS
Transactional Support
- Advising clients on data protection implications in corporate transactions, including mergers and acquisitions, joint ventures, and business outsourcing.
- Drafting and negotiating data protection clauses in commercial contracts, such as data processing agreements and data-sharing arrangements.
- Conducting due diligence on data protection compliance for transactional deals.
Advisory Work
- Advising clients on compliance with UK GDPR, the Data Protection Act 2018, PECR, and other UK/EU data privacy regulations.
- Providing tailored advice on data subject rights, including managing subject access requests (SARs) and responding to regulatory investigations.
- Supporting clients in assessing and mitigating risks related to international data transfers, including SCCs, TIA processes, and Binding Corporate Rules (BCRs).
Policy & Compliance
- Assisting clients in drafting and updating privacy notices, data protection policies, and procedures.
- Assisting clients in conducting data protection impact assessments (DPIAs) and advising on high-risk processing activities.
- Advising on the implementation of internal data governance frameworks to ensure legal compliance and operational best practices.
Training & Awareness
- Delivering bespoke data protection training sessions to clients and their internal teams.
- Keeping clients informed about changes in legislation, case law, and regulatory guidance through briefings and thought leadership.
PERSON SPECIFICATION
Qualifications & Experience
- Qualified solicitor (Scots or England and Wales) with 4–8 years PQE in private practice or in-house (other levels may be considered based on experience).
- Significant experience in handling a diverse portfolio of data protection work, including both advisory and transactional matters.
- Proven ability to manage projects involving international data transfers, privacy policies, and compliance frameworks.
SKILLS
- Deep knowledge of data protection laws, including the UK GDPR, the EU GDPR (where relevant), PECR, and ICO guidance.
- Exceptional drafting, negotiation, and analytical skills with a keen attention to detail.
- Excellent interpersonal skills and the ability to build strong relationships with clients.
- Commercial awareness with the ability to provide pragmatic, business-focused advice.
- Proven ability to work under pressure, manage competing deadlines, and lead on complex matters with minimal supervision.
Desirable
- Experience in cybersecurity matters, incident response, and advising on emerging technologies such as AI.