Why you need GDPR Representation

Article 27 of the GDPR requires organisations established solely outside the UK or the European Economic Area (EEA) that regularly process residents’ personal data from these territories to appoint a Representative that:

Acts as the point of contact for data subjects and supervisory authorities; and

Enables supervisory authorities to pursue enforcement actions within the territories

During the transition period, it will be “business as usual” while the UK and the EU negotiate the UK’s withdrawal. It is not yet clear how these negotiations will impact the requirements around representation thereafter.

The UK Government’s current position is that both UK and EU representation will be needed after December 2020. In this case:

Organisations without a presence in the UK and the EEA will then need separate representatives in both territories

UK organisations will need a Representative in the EEA

EEA organisations will need a Representative in the UK