Mid-Senior Level Digital Regulation, Data Protection and Cyber Security Lawyer (Tech/Digital) (Hiring Immediately)

Who we are

We are one of the largest international law firms in the world. With over 30 offices across the globe, we strive to exceed the expectations of our clients, providing them with the highest-quality advice and legal insight, which combines the firm’s global standards with in-depth local expertise.

Our firm, work and people span jurisdictions, cultures, and languages. We offer our clients a truly international perspective. We believe every career should be rewarding and stimulating - full of opportunities to learn, thrive, and grow. That’s why we’re so proud of our inclusive, friendly, and team-based approach to work.

You’ll find our clients in commercial and industrial sectors, the financial investor community, governments, regulators, trade bodies, and not-for-profit organisations. But no matter who they are or why they’ve reached out to us, we provide a world-class service every step of the way. And that’s possible thanks to the entrepreneurial spirit and conscientious approach to work that you’ll find across all of our teams.

Whichever area of the business you join, you’ll become an integral part an innovative, diverse and ambitious team of people. Clifford Chance is a place where the brightest minds and the best of colleagues meet.

Group overview

Clifford Chance's London Tech//Digital Group sits within our London Corporate Practice. Recognising that technology underpins every aspect of business, significantly impacting business models, growth strategies, and day-to-day decisions, our team looks after the evolving needs of a wide group of clients, including technology companies, corporates, financial institutions and investors spanning every sector.

Our lawyers cover a range of technology-centered issues – we tackle the most pressing legal and regulatory issues impacting technology implementation and use in business on a global scale, including digital regulation, artificial intelligence, data privacy and protection, cyber and information security, and tech public policy. We also lead on tech M&A, business process and IT outsourcings, telecommunications, complex technology arrangements and business separations.

Our group is market-leader in providing innovative solutions to both the tech industry and across the range of other sectors to which we provide legal support. We have substantial global resources, with dedicated Tech//Digital teams and a global cross-practice Tech sector focused group.

Below is a sample of our recent mandates:

Data Protection and cybersecurity

• Advising various global clients on ongoing compliance programs in relation to the EU and UK GDPR, NIS/NIS2 Directive, ePrivacy Directive/PECR, and eCommerce Directive. This includes programmatic data protection advice on new products and services, reviews of lawful bases, data protection impact assessments, data retention and transparency.

• advising on the design and implementation of a global tech, data and cyber security strategy, including managing data protection compliance projects across Europe, the US and APAC, with a focus on data retention and international transfers

• Supporting a US-headquartered technology company with global, follow-the-sun data breach and cybersecurity incident response across critical markets, including incident assessment and notification, coordinating forensics reviews, senior management support, public relations and communications, legal documentation and regulatory engagement through to case closure.

• Advising on a global framework for cyber incident response, proactive and reactive customer and regulatory engagement in key markets, including global regulation and risks dashboards, incident run-books and support with ongoing remediation measures.

• Supporting a global mining corporation with cyber incident response during a supply chain ransomware attack, involving notifications to regulators across 20+ jurisdictions and management of follow-on regulatory engagements

Digital Regulation

• Advising a US headquartered technology company on strategic, regulatory, compliance and public policy advice on emerging European digital regulation including the Digital Services Act, Digital Markets Act, Online Safety Act, Data Act, Cyber Resilience Act, Digital Operational Resilience Act and AI Act.

• Advising a selection of global technology companies on the applicability of the EU Digital Services Act, including key criteria, compliance requirements and regulatory engagement options, during a period of heightened regulatory interest

• responding to a US headquartered Fortune 100's RFIs and enforcement action relating to existing and emerging data laws such as the EU AI Act and Online Safety Act

• advising a global automotive manufacturer on its AI risk management and oversight framework globally, including in the UK, EU, US, China and other countries where it operates. Our role is broad and global, including regulatory, policy, privacy and data protection, contract, commercial, IP/copyright, governance, and risk and compliance considerations.

• advising a U.S.-headquartered technology company on a range of business critical global and regional AI law and policy instructions. Our mandate covers full-circle advice to senior European and global legal leadership on the development and deployment of new AI products and services, proactive government and regulatory policy engagement, compliance programs for new and existing AI laws, high-value tech contracting and cross-border incident response

• Advising a Fortune 500 global PC business on the development of a negotiation handbook for their global in-house legal teams to use as a tool during the negotiation of AI service contracts, ensuring that the legal teams are well-equipped to handle the unique challenges these contracts present.• providing comprehensive AI support, including responding to policy consultations, designing AI transparency and risk management frameworks and advising on AI contracting strategies and compliance with global regulations

• Working with a global investment firm on the development of frameworks for the firm and its portfolio companies to engage with and develop AI systems.

Regulatory Engagement and Public Policy

• Strategic and compliance advice in relation to EU/UK AdTech law and guidance, including the ePrivacy Directive, EDPB and GDPR supervisory authority guidance and European Commission voluntary proposals.

• Public policy, regulatory engagement and compliance advice relating to children's rights and e-safety codes of practice, guidance and legislation in the UK and Europe, including the ICO's Children's Code, DPC Ireland Guidance On Processing Children's Personal Data and proposed EU-wide guidance on children's privacy.

• Horizon scanning and strategic legal advice in relation to global data protection and cybersecurity laws, including telecoms and cloud computing, artificial intelligence, digital infrastructure and online safety.

The role

Who you will work with

As a key part of the London Tech//Digital strategy, you will help support our banking, financial investor, corporate and technology clients. You will work in a close-knit London TechDigital team (of data privacy and digital regulation, IT/outsourcing, telecoms and M&A specialists), co-ordinating efforts across the Firm on strategy, client/business development and thought leadership. You will often work as part of cross-border and interdisciplinary teams to advise on strategically important matters, ensuring compliance with local laws and business requirements.

What you will be responsible for

As an associate or senior associate in our leading practice, you will work at the forefront of the market across a diverse range of technology-focused work including:

• Designing and implementing regulatory compliance programmes for compliance with incoming digital regulations, including the EU Digital Services Act, Digital Markets Act and the Data Act.
• Advising on AI governance, compliance with AI regulation and the adoption of generative AI, LLMs and other AI products.
• Assessment of lawfulness of new products and services, including conducting data protection impact assessments.
• Designing and implementing data transfer strategies, both on an intragroup basis and to third parties, including designing and conducting risk assessments in relation to the adequacy of appropriate safeguards.
• Advising on the prevention and management of cyber incidents, regulatory enforcement proceedings and any related disputes.
• Advising clients in relation to the exercise of data subject rights.
• Supporting clients on data protection issues in relation to corporate transactions, including working on due diligence and drafting data protection warranties and indemnities.
• Drafting and reviewing strategic commercial, IT, AI and software agreements.
• Advising on regulatory engagement, consultations, inquiries, enforcement involving UK, EU and other international regulators.
• Developing relationships with clients and actively engaging in business development and thought leadership initiatives and seeking out opportunities for new work.
• Drafting legal documents clearly and concisely, creating solutions using legal knowledge and commercial judgement to advise and support leading multi-national corporates.

Your experience

• You will have a solid background as a mid to senior level lawyer within the Tech and Data space, p]]>