UK representative required under the GDPR
Appoint our privacy officer as your representative in the UK to meet your GDPR obligations.
Our experts liaise with data protection authorities and data subjects in the UK on your behalf.
Does my company need a UK representative?
If your company does not have an office or establishment in the United Kingdom (UK), but conducts business with UK clients you may have to appoint a UK representative. Under Article 27 of the UK GDPR (General Data Protection Regulation) you must appoint a UK representative if you process personal data in the following contexts:
- offering goods or services to individuals in the UK (irrespective of whether or not they are free of charge), or
- monitoring the behavior of individuals in the UK.
This obligation applies to both controllers and processors.
How do I choose the best UK representative?
A UK representative can be an individual, a company or an organization established in the UK (e.g. a law firm, consultancy or private company).
The UK GDPR does not specify the minimum qualifications a UK representative must hold. However, it is strongly advisable to consider a representative that has a broad understanding of both legal and technical data protection issues to ensure efficient communication with the ICO.
What does the UK representative do?
UK representatives have to meet the following UK GDPR requirements in particular:
- Communicate on your behalf with the ICO and data subjects.
- Maintain your record of processing activities (ROPA) and make these records available to the ICO upon request.