Our Service
EU/UK REPRESENTATIVE
Acting as EU Representative (for UK companies) or UK Representative (for EU companies) for the purposes of the GDPR / UK GDPR
Is this service right for me?
Customer 1
I live in New York and run a blog in Polish, and many people living in Poland subscribe to my newsletter
Customer 2
My Canadian company sells products to UK customers
Appoint an EU/UK Representative
EU/UK REPRESENTATIVE
This service is suitable for:
- companies that are based in outside the European Union (including Great Britain), but sell services or products - or offer them for free - to people living in the European Union
- companies that are based in the European Union, America, Australia, Africa or Asia and sell services or products - or offer them for free - to people living in the UK
Acting as a permanent EU or UK Representative for your company – we sign the contract online, make the necessary changes to your documentation and from now on we are officially the contact person for personal data subjects from the EU or UK, and we are also contacted – if necessary – by the competent unit supervising the application of personal data protection law – in Poland is the Office for Personal Data Protection (UODO), in Great Britain it is the Information Commissioner’s Office (ICO).
As part of this service, we will:
– notify you about any legal changes in the subject of GDPR / UK GDPR,
– keep a record of processing activities (“Record of processing activities”) in accordance with the requirements of art. 30 GDPR,
– represent you before the Polish Office for Personal Data Protection in the processing of personal data by your company regarding persons from the European Union and against personal data subjects (EU REPRESENTATIVE)
– represent you for the ICO (the English government entity supervising the application of personal data protection law in the UK) in the scope of processing personal data by your company regarding persons from the UK and towards personal data subjects (UK REPRESENTATIVE).
Who does the obligation apply to?
According to Art. 27 GDPR / UK GDPR, this obligation applies to most companies that are not based in the EU / UK and process personal data in connection with monitoring behaviour or in connection with offering goods or services directly to data subjects – in the EU / UK .
It does not matter whether the company charges for such goods or services or not.
Companies may be exempt from the obligation under Art. 27 if their processing is:
- occasional,
- does not include large-scale processing of special categories of data (such as personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, etc.)
- and is unlikely to result in a breach of privacy.
Companies should prove their exemption from the obligation to appoint an EU/UK Representative, e.g. through a post-audit document.
What is the role of the REPRESENTATIVE in accordance with Art. 27 GDPR/UK GDPR?
The Appointed Representative has a mostly passive role: he will be indicated in the privacy notice of the non-EU/UK company in accordance with art. 13.1 (a) and 14.1 (a) – as a contact person – instead of a non-EU/UK company – in particular in relation to communication with supervisory authorities and data subjects in matters related to data processing in order to ensure compliance with the regulations [within the scope of obligations under the GDPR/ UK GDPR in accordance with Art. 4 (17)].
Within the scope of active duties:
The representative keeps records of processing activities for a company outside the EU/UK (which is obliged to prepare and provide such documentation in accordance with Article 30).
The representative will also “cooperate” with the supervisory authority in accordance with Art. 31.
Who can companies appoint as REPRESENTATIVE?
Companies can designate either a natural person or another company. The representative may reside or be based anywhere in the EU/UK where the relevant data subjects reside. The same person or company may act as a Representative pursuant to Art. 27 and the Data Protection Officer in accordance with art. 37-39.
How to appoint?
Companies can appoint a representative by means of an informal letter, which does not have to contain more than one sentence.
Article 27 par. 1 only requires that the designation be ‘in writing’.
If the company appoints an individual or unrelated organisation, it should also enter into a separate service agreement to clarify obligations, remuneration, the right to terminate the contract and other terms and conditions.
Penalty for no EU/UK REPRESENTATIVE?
A business entity/organisation that, despite being subject to the obligation, does not appoint its representative in the EU or UK – may be subject to an administrative penalty:
up to 10 million EUR or 2% of the annual turnover – in the EU; or up to 8.7 million GBP or 2% of the value of annual turnover – in the UK.
Result
- You meet the legal requirement to appoint an EU/UK Representative
- You can be sure that personal data in your company is processed properly and safely, and in the event of an inspection from the ICO or complaints from personal data subjects, you know that there is someone to take care of it
£69/month or £599/year
EU OR UK REPRESENTATIVE
IF YOU NEED BOTH SERVICES, YOU GET 20% DISCOUNT
YOUR PRICE PER YEAR FOR BOTH - £958
Make an appointment for a free consultation
Go to the calendar, which will show you available dates.
Choose a day and time that suits you.
1 hour before the selected date of the online meeting - we will send you an email - a link to the meeting room.
See you soon
Free online meetingWe will help you implement personal data protection in your company
Your Key to Data Protection