Legal Counsel & DPO @ Gorilla in Belgium Antwerp


+32 78 259 034

To apply for this job please visit

We’re at a turning point in history. Climate change is changing the world faster than ever before. Utilities will play a crucial role in the transformation of our society to fight climate change and become carbon-neutral, while at the same time making sure people and businesses can continue to use energy supply like they’ve been used to for so many years.

At Gorilla, we’re determined to not stay aside, but to make a real impact on the utility industry by providing data services that allow utilities to play the role they need to play in the quest for a net-zero society. By building something that solves a real problem, and by being the best at what we do.

Your responsibilities

The ideal candidate will have a strong background in commercial law and technology contracts and data protection and privacy regulations like GDPR (EU), CCPA (US/California), DPA (UK), APP (AU). Experience with SaaS in an international context is a nice-to-have. Said contracts will most often – but not exclusively – contain data processing agreements and commercial terms. Experience or affiliation with ISO27001 is expected. Ideally the candidate has experience in the Chief Information Security Officer (CISO) role. Knowledge of and interest in other security standards like SOC or similar is a bonus. The candidate is expected to be skilled in business process design, as they are an essential part of an effective security framework.

The Legal counsel & DPO will be responsible for the negotiation of sales contracts, including adding and processing redlines. They will strive to optimise and build internal knowledge of applicable law in each of our activity regions while leveraging external expertise where needed. Current relevant regions are the UK, EEA / EU, AU, NZ and US. They will work closely with our internal teams, customers, and partners to mitigate legal and security risks and ensure the protection of our (information) assets.

Finally, the Legal Counsel & DPO is responsible for the preparation and maintenance of the Data Room required during funding rounds. The Data Room will contain all required legal and extralegal documents to be scrutinised as part of the due diligence work preceding the fundraising. Coordination with corporate lawyers, auditors and controllers will be part of the due diligence process.

Your contribution

  • Draft, review, and negotiate international agreements and other legal agreements related to the company’s products and services. Agreements include NDAs, products agreements, service agreements and work orders, data processing agreements, and partnership and alliance agreements
  • Provide legal advice and guidance to internal stakeholders on a variety of legal matters, including contract interpretation and dispute resolution
  • Conduct internal investigations and manage external legal and regulatory inquiries as needed
  • Monitor and interpret changes in privacy and data protection regulation and advise the company on compliance requirements
  • Develop, implementing and maintain an information security strategy
  • Collaborate with cross-functional teams to develop and implement efficient and effective security policies and procedures to protect the company’s information assets
  • Enforce and maintain information security policies and procedures
  • Manage information security risk – like threats and vulnerabilities – by identifying, assessing, managing, and mitigate said risks
  • Maintain a legal & compliance register
  • Maintain a data processing register
  • Build and manage security awareness and training programs
  • Set up, maintain, and execute incident response and management procedures
  • Collaborate with the Technical Information Security Officer (TISO) to establish and maintain security operations
  • Orchestrate tool vendor screening, selection and management, based on the ideal policies and procedures for information management
  • Develop and deliver training programs to educate internal teams on legal and security best practices
  • Maintain accurate and up-to-date legal and security documentation and ensure appropriate controls are in place for access, retention and deletion of information