Posted in Uncategorized

Appointing a UK – EU GDPR Representative Your Guide

   August 3, 2022  Leave a Comment on Appointing a UK – EU GDPR Representative Your Guide


Many things have happened over the last fifteen months, Brexit, Covid, employees working from home, the furlough of employees etc having impacted organizations. But the impact of Brexit on the UK DPA 2018 and EU GDPR article 27 appointment of an EU -UK representative has flown under the radar leaving many organizations non-compliant with one or both legislations. Both UK and EU organisations are impacted due to the fact that the UK  is  no longer a member of the European Union  

Appointing EU GDPR  Representative 

  Under the EU GDPR, data controllers and processors located outside the European Union offering goods or services to, or monitoring the behaviour of, data subjects in the European Union are mandated to appoint an EU representative.  The EU representative is a local point of contact for the organisation they represent, who communicates with individuals ( data subjects) and data Data Protection Authorities in each of the member states on behalf of the organisation in relation to data protection matters.  

Appointing a UK DPA 2018 Representative ( UK GDPR)

  Under the UK DPA 2018 known as the (UK GDPR) non-UK controllers and processors located outside of the United Kingdom offering goods or services to, or monitoring the behaviour of data subjects in the United Kingdom are mandated to appoint a UK Representative The UK representative is a local point of contact for the organisation they represent, who communicates with individuals ( data subjects) and the UK commissioner in ( ICO) on behalf of the organisation in relation to data protection matters.  

Do I have to appoint both EU and UK Representatives?

  International companies outside of both the EU and UK that offer goods or services to, or monitor the behaviour of data subjects in both the UK and EU are mandated to appoint both an EU representative and a UK representative.  

Can I appoint a Representative to provide both EU and UK GDPR Representative services?

  Yes if the Representative has a presence in both the EU and UK they can provide both Services and would have the advantage of your organisation’s operations across both EU and UK. Appointing one representative body can save budget through available discounts possible.  

What are the duties of an EU Representative? 

The EU  Representative will perform the following

  •  Act as a local point of contact for data subjects and supervisory authorities on all matters pertaining to the processing of personal data;
  •  Retain and maintain an accurate record of your processing activities (ROPA) as mandated in  Article 30 of the EU GDPR and, when requested, make the ROPA available to relevant supervisory authorities;
  •  Precipitate communications between your organisation and data subjects;
  •  Precipitate communications between your organisation and the EU supervisory authorities; and
  •  Work with supervisory authorities on your behalf where required.

What are the duties of a UK Representative? 

The UK Representative will perform the following

  •  Act as the  local point of contact for individuals  (data subjects) and the Commissioner (ICO)  on all matters pertaining to the processing of personal data;
  •  Retain and maintain an accurate record of your processing activities (ROPA) as mandated in  Article 30 of the DPA 2018 ( UK GDPR)  and, when requested, make the ROPA available to the commissioner (ICO) ;
  •  Precipitate communications between your organisation and data subjects;
  •  Precipitate communications between your organisation and the commissioner (ICO); and
  •  Work with the commissioner (ICO) on your behalf where required

What do you need to consider when appointing an EU and/or a UK representative?

  • Assess where you need a representative (the UK / EU) or both  considering your current and future business operations
  • Consider whether your business foresees an expansion that will lead to a new market. Will you need a representative in the UK and/or the EU or other global regions such as Asia as a result of this?
  • Find the best business option to minimise the cost of appointing representative(s) (e.g. a representative located in the jurisdiction required).
  • While a UK representative is relatively straightforward in terms of the representative’s location, non-EU organisations will need to assess carefully when choosing where to appoint their EU representative.
  • If an organisation processes data from individuals in multiple EU countries, the representative must remain easily accessible to the individuals in all those countries and must be able to communicate in the language used by the individuals and supervisory authorities of each of those countries.
  • Look for representatives that allow unlimited interactions and support by phone and email.
  • Constantly review your record of processing activities and update it and send it to your representative ASAP.

Formiti offers comprehensive representative services for the EU and the UK and other global countries and regions and if you need both, our clients  get the second service with a 50% discount click here 



Source link

Author: Formiti Data Privacy Consultancy Blog

Leave a Reply

Your email address will not be published.