The need to assure data privacy remains an ongoing responsibility for businesses, even after BREXIT. This means that a non-established business holding significant amounts of personal data of natural persons within the UK may have to consider whether they need GDPR Representation in the UK in order to comply with UK Data Protection laws.

GDPR Representation is available through our sister company
GDPR Representation services for both the UK and EU are offered through our sister company: Article 27 Representation, located in both the UK and Irish Republic

EU and other foreign businesses holding and processing the personal data of UK citizens must now comply with the UK-version of the General Data Protection Regulations (GDPR) or face penalties of a equivalent scale to its EU counterpart.

This regulation is applicable to all organisations that:

  • Are offering goods or services to, or monitoring the behaviours of, data subjects in the United Kingdom;
  • Processing any personal data on a regular basis; and/or
  • Such processing may affect the rights or freedoms of natural persons.

How Can We Help?

Through our sister company: Article 27 Representation, we can act as your appointed data protection representative in the UK. This ensures that you meet the minimum threshold level for data protection compliance in the UK (see below).

What Is The Role Of A Data Protection Representative?

Your representative acts as the principal point of contact between UK-based data subjects, the supervisory authority for the UK; the Information Commissioners Office (ICO), and your business.

In order to act in this capacity, the data representative requires the following information as a minimum:

  • a letter of authority from you as data controller, appointing them to act on your behalf, as a sub-processor; and
  • a copy of the Record of Processing Activity, which essentially summarises all of the personal data your organisation collects, where it is held and the reasons why it is held and processed.

What Happens Next?

Once you have appointed a representative, you are then able to add their details to the privacy statement on your website, informing your British clients who to direct their enquiries to. Additionally, the representative liaises with the ICO in all instances of complaints or in the event of a data breach.


Failure to appoint a data representative when your business is non-established in the UK can expose it to the potential risk of fines. This could be the greater of 2% of global turnover, or £8.38m.

To find out more about how we can help you meet your data protection obligations, contact us now for a free no-obligation consultation.