UK Data Protection Representative – FAQ
Is an EEA Representative and a UK Representative requirement the same?
EEA Representative:
This section applies if you are a Non-EEA based controller or processor:
- offer goods or services to individuals in the EEA;
- or monitor the behaviour of individuals in the EEA,
Must be established within the EU.
UK Representative:
This section applies if you are a Non-UK based controller or processor:
- offer goods or services to individuals in the UK;
- or monitor the behaviour of individuals in the UK,
Must be established within the UK.
The UK government intends that after the transition period ends, the UK version of the GDPR will say that a controller or processor located outside the UK – but which must still comply with the UK GDPR – must appoint a UK representative.
Will I need a UK representative if there is a BREXIT Agreement?
Regardless of any BEXIT agreement, the UK will no longer be part of the EU on the 1st January 2012. This means that the one stop shop for EEA Representatives no longer applies.
If you process EU personal data you will still need an EEA Representative, in addition if you also process UK personal data you will in most cases need a UK Representative.
I have an EEA Representative; do I also need a UK one?
You only need a UK Representative if you process the personal data of UK citizens and fall under the rules of Article 27 of the GDPR. (We are not anticipating the requirements differing for the UK and the UK Supervisory Authority has the same expectation).
When do I need my UK Representative to be in place?
If you need a UK Representative, then legally they should be in place on the 1st January 2021. If that feels like a tight timescale then the next best thing is to have a plan and aim to get one in place as soon as possible.
GDPR Auditing can become your UK Representative on a same day turnaround in an emergency, or typically 2-3 days if there is no immediate rush.
Can I be excluded from requiring a UK Representative?
You do not need a UK representative if you do not fall into the following criteria of:
- offer goods or services to individuals in the UK; or
- monitor the behaviour of individuals in the UK,
You also no not need a UK representative if the data you are processing is not personal information. I.e. according to the GDPR Article 4 (1).
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’)
Who can be my UK Representative?
Your UK representative may be an individual, or a company or organisation established in the UK.
They must be able to represent you regarding your obligations under the UK GDPR/DPA 2019 (e.g. specialist data protection consultancy like GDPR Auditing). In practice the easiest way to appoint a representative may be under a simple service contract. GDPR Auditing can have you covered in less than 24r hours.
I have been processing EU personal data without an EEA representative, why do I need one in the UK?
If you legally did not need an EEA Representative and were processing EU personal data including UK personal data, then you are unlikely to need one in the UK. However, we would advise that you get a professional opinion on whether your processing is currently legal.
If you have been processing EU personal data without an EEA Representative and legally you should have had one then you may need a UK Representative. This will depend on whether your processing falls into the required status as explained at the top of this FAQ.
Do I need a UK Representative if the UK data is not considered personal data?
If the data you are processing is not considered UK Personal Data then you will not need a UK Representative.
How much is a UK Representative going to cost?
Unless you are, or are planning to becoming ‘established’ in the UK then subscribing to GDPR Auditing for UK Representation is the next best thing.
Not only are we GDPR and Data Protection Act Specialists we also are one of the few consultancies who understand International Transfers.
Our prices are based on the size and complexity of your organisation and the potential volume of queries we will be able to help you with.
We provide a personal service on a one to one basis direct to one of our consultants, no contact centres, no IVR, no hiding behind a website.
Prices start from a little as £100 GBP per month.
Please fill in your details below for a full quotation:
We will only use the information you provide to respond to your enquiry and will keep it for 14 days after the last correspondence with you and then remove it, unless you become a customer and then your data will be stored and processed in line with our privacy policy.
Found out more about our UK GDPR Representative service.
