min. 55000
Vacancy Type:
13 Apr 2020
23 (GVC)
About The Role

With the expansion of the global privacy team and the increasing workload produced by the privacy programme, GVC’s Data Privacy team require additional legal and data protection support in some of our key offices.

We are looking for an English and German-speaking data protection lawyer with international experience to be based in our Vienna office, who may also cover other territories such as Germany and Bulgaria. This will, however, depend on business requirements such as Data Protection Officer appointments. Experience or knowledge of German data protection law is particularly desirable.

They should also be proficient with data protection laws in Austria, Bulgaria and Germany, affecting both customers who we market to based in those territories, as well as employees regarding their data protection rights.

This will also involve some work related to legal commercial matters, such as negotiating contracts with other third parties.

In particular, the individual will be able to work as part of the global privacy team to assist with the following key workstreams;

Privacy Lawyer

  • Negotiating Data Protection Addendum’s and Data Transfer Agreements;
  • Conducting due diligence on existing or new vendors (through the completion of data privacy assessments) and reviewing outputs on the OneTrust tool;
  • Providing legal advice on Data Subject Requests (mainly access and deletion) from Austrian and German individuals in particular (however may also include other requests from individuals based in Europe);
  • Draft and/or regularly update existing and new GVC policies, such as customer and employee-facing privacy notices, cookie notice and data retention policy;
  • Advising the business on applicable data protection law, including strategic advice concerning data on topics such as M&A due diligence, marketing initiatives, and any new or existing business projects that involve the use of personal data; and
  • Providing training to the business on applicable data protection laws.

Data Protection Officer

  • Being the point of contact in Austria and Germany for all data protection related matters;
  • Participate in internal or external forums or committees to discuss privacy matters, e.g. industry forum - the European Gaming and Betting Association, Regulatory workshops or internal DPO working groups;
  • Liaising with the business (and some cases the customer directly) on any questions or complaints made regarding GVC’s processing of their personal data;
  • Liaising with the Austrian and German Data Protection Authorities to inform them of any notifiable data breaches or in response to complaints made to the regulator;
  • Preparing regulator notifications to the Austrian and German Data Protection Authorities and assisting with investigations, in the event of a data breach;
  • Monitor the implementation of data protection processes and policies in place;
  • Advising on matters concerning data mapping exercises and the Record of Processing Activities for Austria and Germany;
  • Embedding privacy-by-design methodology throughout the business, specifically to the Austrian and German regions;
  • Identifying, conducting and reviewing privacy-specific assessments, including Data Protection Impact Assessments and Legitimate Interest Assessments; and
  • Advising employees on data protection laws and their rights, which may include attending employee forums or workshops.
Additional Information


  • 3 years’+ legal experience.
  • Degree-level qualified, such as Privacy or IT/Comms degree with a compliance add on.
  • Previous experience and knowledge of data protection laws, in particular the General Data Protection Regulation, the Austrian Data Protection Act, the German Federal Data Protection Act and other Austrian and German national data protection laws.
  • Multi-tasker and proactive self-starter.
  • Solid work approach and has the capacity to fulfil responsibilities with limited supervision whilst maintaining effective communications with the Chief Privacy Officer.
  • Strong oral and written communication skills to correspond with customers, suppliers and senior stakeholders across various teams and departments.
  • Process orientated and excellent attention to detail.
  • High degree of discretion and confidentiality in handling often sensitive team and business issues.



  • Sports Betting & Gaming experience.
  • Knowledge of international Data Privacy legislation.
  • Prior experience or knowledge with the OneTrust data privacy tool.
Relevant professional qualifications e.g. IAPP CIPM or CIPP/E.

Our Culture As Real As It gets

At GVC we're a diverse team, sharing a commitment to quality and success

Whether you're playing a key role in your local community as part of our retail team, or working out the next big gaming trends in our digital team, you'll enjoy a culture and a benefits package that we're extremely proud of.