Skip to Main Content
This website uses cookies. View our cookie policy
United Kingdom
Select regional store:
Online exclusive! Receive a free eBook when you purchase a training course or toolkit - for a limited time only!
GDPR EU Representative

GDPR EU Representative

SKU: 4969
Format: Consultancy

Our EU representative service enables companies outside the EU that fall within the scope of the GDPR to meet their obligations under Article 27.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Appointing an EU representative

Organisations outside the EU that offer goods or services to individuals in the EU or monitor their behaviour will generally have to appoint a representative established in an EU member state. The representative acts on your behalf in relation to your personal data processing activities and acts as a local contact for data subjects and supervisory authorities.

Our GDPR EU representative service

With this annual subscription service you will be supported by our qualified data privacy, legal and compliance team (GRCI Law1), which will serve as your EU representative as set out in the GDPR.

As appointed EU representative we shall:

  • Register our EU address as your GDPR representative address;
  • Be addressed on all issues related to your personal data processing activities;
  • Act as first point of contact for communications received from EU-based data subjects in relation to data subject rights requests and other general GDPR-related enquiries;
  • Act as first point of contact for communications received from EU supervisory authorities and liaise with them on all matters pertaining to the GDPR, e.g. responding to data subject rights complaints and personal data breach reporting; and
  • Hold a record of your processing activities and make these available to the data protection authorities at their request.

Data protection if there's a 'No Deal' Brexit scenario

On the 13th of September 2018, the UK Government published its technical notice, entitled: “Data protection if there’s no Brexit deal”. The notice details the UK Government’s plans for maintaining UK data protection legislation if the UK leaves the EU without an agreement - i.e. in a so called ‘No Deal’ scenario. 

The technical note reflects the fact that the free flow of personal data between the UK and the EU is vital to maintaining the current economic relationship and ongoing co-operation on security between the UK and EU and confirms that both sides are committed to maintaining a high standard of data protection.

Appointing a GDPR representative in the UK

In the event of a ‘No Deal’ scenario, the UK Government will use the EU Withdrawal Act (which retains the GDPR in UK law and gives the government the power to make appropriate amendments to ensure that it works effectively in a UK context) to make the following amendments to the applicable UK laws (e.g. the Data Protection Act 2018) to bring them in line with GDPR and so that local law suits local requirements – e.g. by replacing references to “Union or Member State law” with “domestic law” and substituting references to “decisions made by the EU Commission” with references to “decisions made by the UK Government”, etc. 

The UK Government calls this ‘plan’ the ‘No Deal’ framework and these are some of the key components which are important to consider and which we can help you with. View the DCMS’ Guidance here

UK representation for controllers

Where article 3(2) of the EU GDPR applies, article 27 of the EU GDPR requires a controller or processor not established in the EEA to designate a representative within the EEA. The requirement does not apply to public authorities or if the controller/processor’s processing is only occasional, low risk, and does not involve special category or criminal offence data on a large scale.

The Government intends to replicate this provision to require controllers based outside of the UK to appoint a representative in the UK.

GRCI Law1 is already acting as the EU Representative for non-EU based Controllers and are able and ready to do the same for any non UK based Controllers that need to appoint a UK Representative in the event of a ‘No Deal’ scenario. 

1The EU Representative service is provided by GRCI Law Limited (GRCI Law), a specialist in data privacy, cyber and information security legal & compliance advisory services (and a subsidiary of GRC International Group plc)

Customer Reviews

(0.00)stars out of 5
# of Ratings: 0