From our humble beginnings, we have grown to a group of over 400 people spanning the globe from our headquarters in Canada to our offices in Malta, Dublin, Manila and Seoul.
We specialise in creating the best poker software and gaming experience on our flagship brand, GGPoker, which is now the world’s largest poker room.
We are perpetually on the lookout for passionate, creative, and dedicated people.
We are seeking a Legal & Privacy Counsel to join our team in Malta, and be responsible for the privacy framework of NSUS in its key markets, and to provide legal advice. The primary responsibility of this role is to act as the Group’s legal & privacy expert, to maintain the company’s privacy framework, and to ensure compliance with the applicable data protection legislation, and internal policies and procedures. This role will also include the responsibility to assist the Legal & Compliance team in other tasks, based on your experience and expertise.
Objectives:
- Be primarily responsible to ensure compliance with Data Protection and Privacy-related legislation in all jurisdictions in which the Company is present;
- Develop and maintain the Company’s compliance framework in relation to privacy and data protection, including drafting and updating policies and procedures;
- Monitor the Company’s adherence to policies and procedures;
- Stay up to date with new developments in the privacy and data protection world, both in terms of new legislation, as well new best practices, industry standards, papers published by authoritative bodies, and decisions of the courts;
- Conduct internal reviews and audits as may be necessary;
- Advise the Company on data protection and privacy matters;
- Ensure that any data that is processed, is processed legally and in accordance with the appropriate legal basis for processing;
- Ensure that Data Protection Impact Assessments are performed when necessary, and provide assistance and advice in drafting DPIAs;
- Participate in the design and rollout of new projects/products involving personal data to ensure privacy by design;
- Develop, review and update the Company’s public-facing privacy notices, including the Privacy Policy, Cookie Policy and privacy-related matters referred to in the Terms & Conditions;
- Develop, review and update the Company’s internal privacy matters, including HR policies relating to privacy and data protection;
- Ensure the appropriate classification of documents and data which include personal data;
- Maintain communication with the Information Security, Infrastructure and Technical teams to ensure that personal data is subject to appropriate security measures, and encrypted as necessary;
- Maintain appropriate Record of Processing Activities and data mapping documentation;
- Ensure that all employees are educated in their GDPR obligations and internal procedures, and ensure that evidence of training and refresher training is kept;
- Ensure that Data Subject Requests handled appropriately, and in a timely manner, and ensure that the Company is able to fulfil all Data Subject Rights;
- Manage the data breach process, including receiving data breach notifications, drafting internal reports, and notifying supervisory authorities and affected individuals where applicable, in a timely manner;Â
- Act as the main liaison with the Data Protection Authorities, and cooperate during any inspections and audits, as well as act as the primary contact point for all privacy and data protection matters with any other supervisory authorities.
- Draft and maintain Data Processing Agreements, and ensure that the Company’s processors have signed appropriate DPAs;
- Review agreements with third parties to ensure proper data governance, monitoring and enforcement, and lead any monitoring and enforcement efforts;
- Ensure that if data is being processed outside of the EU/EEA, that adequate security measures are in place to protect EU citizens’ data, and that information made appropriately available by the Company; and
- Ensure the correct implementation of data retention principles, including data deletion once this becomes necessary.
- Act as the Data Protection Officer, or any such other similar regulatory role related to privacy as may be required by the Company;
- Provide legal advice to the company;
- Fulfill any role within the Legal/Compliance area as might be required by the company from time-to-time.

Key Skills:
- MQF Level 6 Degree or higher education in law, privacy, information security, or a related field;
- Have proven experience and expertise in data protection laws and practices, particularly in Europe;
- Fluency in English (additional languages are considered an asset);
- Previous experience in the online gambling industry is considered a strong asset;
- Good legal/policy drafting skills;
- Ability to work independently and meet deadlines;
- Manage own workloads and meet deadlines determined by the urgency of requests;
- Attention to detail;
- Analytical and risk assessment skills;
- Excellent computer skills;
- Excellent verbal and written communication skills;
- Flexible and the ability to develop methodologies;
- Interacts with stakeholders in a professional manner.