Senior Tech Lawyer & DPO - Everypay (STL 0624)

About EveryPay

At EveryPay, we are on a mission to build the digital financial infrastructure that underpins e-commerce in Greece, empowering Marketplaces, and Merchants to thrive.

We are a team of enthusiastic young people, driven by our values to Empower Customers, work as a Team Together, Manage Risk and Get Stuff Done.

We are proud to have built the payments layer connecting most Greek Marketplaces and Merchants with world-class schemes like Visa and MasterCard. We service most Greek Marketplaces, including Greece’s largest and most successful marketplace: Skroutz. Our systems connect to thousands of banks, in Greece and abroad. Our tech processes tens of thousands of transactions every day – that’s €billions worth of e-commerce. If you have bought something online in Greece, chances are you have already used our payments product.

EveryPay is fully owned by the Skroutz Group of companies and is both a Tech Company and a Regulated Financial Services Institution. Therefore, you will be exposed to the world of the Tech Payments Sector and that of Financial Services.

How you will contribute to EveryPay's vision

We are growing our Legal team and we are looking for a talented Senior Lawyer with Data Protection Officer(DPO) Experience.

What you will be doing

Legal Advisory

• Provide expert legal advice and counsel on a wide range of matters, including intellectual property, software licensing, data protection, cybersecurity, e-commerce, regulatory compliance, and specifically PSD2 requirements.
• Advise clients on legal risks and potential liabilities associated with technology initiatives and contracts.

Privacy and Data Protection

• Serve as the Data Protection Officer (DPO) and oversee the company's data protection strategy and implementation to ensure compliance with GDPR, CCPA, and other relevant regulations.
• Advise on Data Protection issues, including handling Data Subject Requests and managing Data Breaches.
• Conduct regular training and awareness programs for staff.
• Cooperate with supervisory authorities on data protection matters.

PSD2 Compliance

• Provide legal guidance and ensure compliance with the revised Payment Services Directive (PSD2).
• Oversee the implementation of PSD2 requirements, including strong customer authentication (SCA), secure communication, and other regulatory technical standards (RTS).
• Stay up-to-date with PSD2 developments and advise the company on necessary adjustments to policies and procedures.
• Collaborate with internal teams to ensure PSD2 compliance is embedded in all relevant processes and systems.
• Contract Negotiation and Drafting
• Draft, review, and negotiate various types of contracts, including software licenses, service agreements, data processing agreements, technology transfer agreements, and PSD2-related agreements.
• Ensure that contracts align with legal and regulatory requirements and protect the interests of the organization.

Intellectual Property Protection

• Manage intellectual property portfolios, including patents, trademarks, copyrights, and trade secrets.
• Conduct IP due diligence in mergers, acquisitions, and technology transactions.

Compliance and Regulatory Affairs

• Stay up-to-date with relevant laws, regulations, and industry standards pertaining to technology, data privacy, cybersecurity, and PSD2.
• Assist in developing and implementing compliance programs to ensure adherence to legal requirements.

Litigation and Dispute Resolution

• Manage or collaborate with external counsel on technology-related litigation, disputes, and intellectual property matters.
• Provide guidance on potential legal actions and strategies for resolution.

Policy and Procedure Development

• Develop and implement internal policies and procedures related to technology, intellectual property, data protection, and PSD2 compliance.

Stakeholder Collaboration:

• Collaborate with cross-functional teams, including technology, product, and compliance teams, to ensure legal considerations are integrated into business decisions and initiatives.

Requirements

• Juris Doctor (JD) degree and active membership in a relevant bar association.
• Substantial experience (8-12 years) practicing law in the financial services or FinTech sector, with a focus on areas such as intellectual property, technology transactions, data privacy, cybersecurity, and PSD2 compliance.

• Proven experience as a Data Protection Officer (DPO) or in a similar role.
• Excellent communication and interpersonal skills, with the ability to influence and collaborate effectively.
• Demonstrated experience in leading cross-functional teams and managing stakeholders at various levels.

Personal Attributes

• In-depth knowledge of EU and Greek financial regulations, PSD2, GDPR, and other relevant data protection laws.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent negotiation, communication, and interpersonal skills.
• Ability to work independently and collaboratively in a dynamic environment.
• Leadership skills and ability to mentor junior legal professionals.
• Proficiency in Greek and English languages.

Benefits

What’s it like to work at EveryPay?

• A great opportunity to contribute to EveryPay team's growth
• Being part of an environment that gives employees large goals, autonomy and mentoring, creates incredible opportunities, both for you and the company
• Competitive full-time salary
• Ongoing training and development
• Private Medical plan
• Access to books, online courses and relevant resources
• A hybrid model of work

As part of our dedication to the diversity of our workforce, Skroutz is committed to Equal Employment Opportunity without regard to race, color, national origin, ethnicity, gender, disability, sexual orientation or religion.

Disclaimer:

Skroutz collects and processes personal data in accordance with the EU General Data Protection Regulation (GDPR). We are bound to use the information provided within your job application for recruitment purposes only and not to share these with any unauthorized third parties. Please read our Recruitment Privacy Policy here .

The Company  EVERYPAY PAYMENT SERVICES SINGLE MEMBER SOCIETE ANONYME  (going forward referred to as “ EVERYPAY ”) collects CVs and Personal Data in order to proceed with the evaluation and selection of the appropriate employees. 

In the context of its compliance with the Regulation on Personal Data Protection (EU) 2016/679 (articles 13 and 14),  EVERYPAY provides you with all necessary information regarding the collection and processing of your personal data. 

The collected data are voluntarily submitted to  EVERYPAY  by you and consist of the data included and possibly attached to the CV that you submit to us and to any of its annexes. Indicatively, this data shall include name, contact phone number, e-mail address, educational and professional background, etc. 

EVERYPAY guarantees that your personal data will not be used for purposes other than those listed here, without your consent, where required. Your data will not be transferred to a third country (outside EEA), and the recipient of this personal data is  EVERYPAY . 

In case you do not enter into an employment relationship with  EVERYPAY , your CV will be permanently deleted from our files, unless you provide your consent, so that we can keep it for one (1) year after our last contact with you. In this case, your CV will be saved in a secure environment to which unauthorized Company personnel will not have access.  EVERYPAY  implements appropriate technical and organizational measures to ensure the legal and appropriate use of personal data processed, their security and protection and takes care to prevent any unauthorized access to this data. 

You have the right to revoke your consent to the process of your personal data whenever you wish. In this case, the legality of the processing that took place while your consent was in force is not affected. 

You can request a copy of your data, correct it, delete it, restrict its processing, or oppose such processing (including automated decision making and profiling), as well as exercise your right to portability upon relevant request. 

To exercise these rights, you can contact us here:  [email protected] or at the address: 25-29 Karneadou, 10675 Athens, for the attention of: Data Protection Officer. In addition, you have the right to file a complaint regarding the processing of your personal data to the Personal Data Protection Authority ( ). 

CONSENT FOR THE PROCESSING OF PERSONAL DATA 

By submitting your CV, you consent to the above processing of your personal data. You can revoke this consent at any time, by sending a relevant request to the email address:  [email protected] .