Skip to Main Content
United Kingdom
Select regional store:
Get 25% off training for life with the IT Governance Rewards Club. Book a selected classroom or live online course today to qualify!
GDPR EU Representatives – market to EU residents.

GDPR EU Representative

SKU: 4969
Format: 3-month service: Small (fewer than 20 staff)
Format: 3-month service: Standard (20-50 staff)
Format: 3-month service: Enterprise (up to 500 staff)

Our EU representative service enables organisations outside the EU that fall within the scope of the GDPR (General Data Protection Regulation) to meet their obligations under Article 27. This includes UK organisations after Brexit, and applies to any organisation that monitors the behaviour of, or offers goods and/or services to, EU residents.

  • Available as a 3-month or 12-month contract, depending on your needs.
  • Ensure compliance with the GDPR in relation to representation in the EU for data subjects and supervisory authorities.
  • Simple and cost-effective solution for organisations processing EU residents’ data.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our training sales team on 44 1474 556685.

This service is provided by IT Governance’s sister company GRCI Law Limited, a specialist in data privacy, cyber security, and legal and compliance advisory services.

Price: £900.00
ex vat


Appointing an EU representative

Organisations outside the EU that offer goods and/or services to individuals in the EU or monitor data subjects’ behaviour are generally required to appoint a representative established in an EU member state. The representative acts on your behalf in relation to your personal data processing activities, and acts as a local contact point for data subjects and supervisory authorities.

Prepare for Brexit with a monthly contract

With Brexit looming, we’re offering this service as a three-month contract, enabling you to prepare for a no-deal Brexit without being locked into a lengthy contract if Brexit is delayed.

Payment options for our EU representative service

Contract type Three month contract Annual subscription
Contract length Flexibility to end or extend your contract after three months –ideal for organisations waiting for more clarity about Brexit 12-month minimum contract
How to buy Buy online, or contact us if you have more than 500 staff Contact us for a quote
Suitable for Organisations that only need an EU representative in the event of a no-deal Brexit, and want the flexibility to cancel in the event of a postponement Organisations that need an EU representative regardless of Brexit

Our GDPR EU representative service

With this service you will be supported by our qualified data privacy, legal and compliance team (GRCI Law Limited), which will serve as your EU representative as set out in Article 27 of the GDPR.

As your appointed EU representative, we shall:

  • Register our EU address as your GDPR representative address;
  • Be addressed on all issues related to your personal data processing activities;
  • Act as first point of contact for communications received from EU-based data subjects (exercising their rights or making general GDPR-related enquiries);
  • Act as first point of contact for communications received from EU supervisory authorities and liaise with them on all matters pertaining to the GDPR, e.g. responding to data subject complaints and reporting personal data breaches; and
  • Hold records of your processing activities and make these available to the data protection authorities at their request.

Getting help with data transfers after Brexit

It’s not enough to simply appoint an EU representative before Brexit. You also need to ensure any data transfers to and from the EU are lawful, which may mean you need to put SCCs (standard contract clauses) or BCRs (binding corporate rules) in place. We can offer support with all contracts and legal documentation relating to data protection.

Read more about GDPR contract and legal services >>

UK data protection law in a no-deal Brexit scenario 

If the UK leaves the EU with no withdrawal agreement, there will be no transition period and it will be classed as a third country from exit day.

UK organisations that process EU residents’ personal data will need to review their data processing activities to assess whether they remain lawful under the GDPR from that point.

Don’t fall out of compliance – appoint your EU representative today.

Learn more about data protection law after Brexit >>

Appointing a GDPR representative in the UK

TThe UK government intends to replicate Article 27’s provision to require non-UK controllers that process UK residents’ personal data to appoint a representative in the UK in the event of a no-deal Brexit.

GRCI Law1 is already acting as the EU Representative for many non-EU-based controllers and can also do the same for non-UK-based controllers that need to appoint a UK representative. Please contact us for details. 

1The EU Representative service is provided by GRCI Law Limited (GRCI Law), a specialist in data privacy, cyber and information security legal & compliance advisory services (and a subsidiary of GRC International Group plc)

Why GRCI Law?

The GDPR EU Representative service is delivered by IT Governance’s sister company GRCI Law, and has been developed specifically to cater to the needs of organisations trying to comply with the GDPR and DPA (Data Protection Act) 2018.

  • Unlike other organisations, GRCI Law is a specialist legal consultancy, which means we only advise on issues related to data protection, privacy and cyber security.
  • GRCI Law’s team of qualified lawyers, DPOs (data protection officers), solicitors and barristers has decades of experience in privacy and information/cyber security compliance programmes, and personal data solutions for high-profile organisations.
  • GRCI Law takes a strategic approach to assessing and managing your data privacy needs, aligning standards and best practices with your operational and business requirements.
  • As a sister company of IT Governance, you have direct access to cyber security specialist expertise, if needed.
  • Our team has experience with global multinationals, international banks, investment firms and leading law firms, healthcare providers, world-leading educational institutions, the European Council, and UK law enforcement organisations.

Download GRCI Law’s corporate brochure to find out more about their services.

Customer Reviews

This website uses cookies. View our cookie policy