UK and EU representatives

We provide both UK and EU data protection representation

Article 27 of the General Data Protection Regulation (GDPR) requires that an organisation appoints a data protection representative in the country / region of the citizenship of the individuals whose personal data is processed.  E.g. if you process EU citizens data then you need to appoint an EU Representative.

Play Video

What are UK and EU representatives?

Article 27 of the General Data Protection Regulation (GDPR) requires that organisations that process data of citizens outside of their regulatory area (e.g. the UK for EU based organisations) have a data protection representative appointed in that area. 

For example, if an organisation is based in France but processes UK citizens data, it must under the GDPR appoint a UK representative.

An organisation based in the UK, that processes French citizens data must appoint an EU representative.

All organisations within the UK and EU have to be compliant with Article 27 of General Data Protection Regulation (GDPR) if they meet certain processing conditions.

Failure to comply with these requirements can lead to a breach in GDPR and significant penalties.

EU Data Protection Representative (GDPR)

Who needs to appoint an EU Representative according to Article 27?

Organisations who process data of EU citizens and do not maintain an establishment within the EU need to appoint an EU Data Protection Representative.

The EU Data Protection Representative is acting as an addressee for all matters of data processing for the purposes of ensuring compliance with the GDPR. This especially involves communication with supervisory authorities and data subjects.

What are the duties of an EU Data Protection Representative (GDPR)?

We provide such representation. We established this service to ensure that our UK based clients meet all legal requirements pursuant to the General Data Protection Regulation and other applicable legislation. We are aware that this representation is crucial for data protection compliance within the European region. Our team is composed of experienced consultants and a Data Protection Officer having the appropriate knowledge on data protection provisions in the EU.

 
UK Data Protection Representative (GDPR)

Who needs to appoint a UK Representative according to Article 27?

Organisations who process data of UK citizens and do not maintain an establishment within the UK need to appoint a UK Data Protection Representative.

The UK Data Protection Representative is acting as an addressee for all matters of data processing for the purposes of ensuring compliance with the GDPR. This especially involves communication with supervisory authorities and data subjects.

What are the duties of a UK Data Protection Representative (GDPR)?

We provide such representation. We established this service to ensure that our international clients meet all legal requirements pursuant to the General Data Protection Regulation and other applicable legislation. We are aware that this representation is crucial for data protection compliance within the European region. Our  team is composed of experienced consultants and a Data Protection Officer  having the appropriate knowledge on data protection provisions in the UK.

Offices in the UK and the EU

Data Privacy Services are based within the UK and the EU.

This means that we are able to meet your legal requirements for both UK and EU Representation services.

These services are vital for overall data protection compliance and cannot be undertaken by providers who do not have a base within both the UK and the EU.

Onboarding is easy

Onboarding Data Privacy Services as your UK or EU Representative is easy.

Simply complete the contact form below and we will initiate the onboarding process.  Typically, this takes about  a day to complete, we will then send you a letter of representation in relation to the service you have requested.

Pricing is straightforward, it depends upon the total number of employees and is paid by monthly subscription via GoCardless.

Point of contact

We operate as your designated point of contact for the data subjects in the region that we are assigned.

We also operate as a point of contact with your organisation and any regulatory authorities in that region.

Hold and maintain a record

As your appointed Representative, we will hold and maintain a record of the processing of personal data.

If you do not currently have a documented record of the processing, we can facilitate this as part of our professional services.

Customer Portal and support Model

Data Privacy Services offers all of their UK and EU Representative  customers access to their online Customer Portal.

This portal allows customers to raise support requests and to track their progress throughout the lifecycle of the request.

Pricing Tiers

All prices are exclusive of VAT.

Level 1

£ 25.00
Month
  • 1-5 employees. Representative services for small sized organisations. Service includes a point of contact in the required region and holding a record of the processing.

Level 2

£ 45.00
Month
  • 6-10 employees. Representative services for small sized organisations. Service includes a point of contact in the required region and holding a record of the processing.

Level 3

£ 65.00
Month
  • 11-50 employees. Representative services for small to medium sized organisations. Service includes a point of contact in the required region and holding a record of the processing.

Level 4

£ 90.00
Month
  • 51-200 employees. Representative services for medium sized organisations. Service includes a point of contact in the required region and holding a record of the processing.

Level 5

£ 135.00
Month
  • 201 -500 employees. Representative services for medium to large sized organisations. Service includes a point of contact in the required region and holding a record of the processing.

Level 6

POA
  • 500 plus employees. Representative services for large sized organisations. Service includes a point of contact in the required region and holding a record of the processing.

A representative you can trust

UK and EU Representation - Ensure you comply with Article 27

Managing compliance with the General Data Protection Regulation (GDPR) is not straightforward and often is a financial overhead that organisations find difficult to afford.

At Data Privacy Services, we like to support our clients in keeping their fixed costs low by providing these our outsourced services at an affordable monthly subscription.

We know that cashflow is king and compliance can sometimes fall down the priority list.  However, ensuring that you comply with Article 27 is crucial and reduces your risk of being found non-compliant with the GDPR.

Record of the processing

Don't worry if you don't have an existing record

Having a record of the processing (ROPA) is a legal requirement under both the UK GDPR and the EU GDPR.

We refer to this as a Data Processing inventory that needs to include such information as below:

  • Title and nature of the processing
  • Fields of data processed
  • Category of data processed
  • Legal basis for the processing
  • Data retention period applied to the processing
  • Security applied to the processing
  • Details of any third party involved (i.e. a data processor)
  • Data residency for this processing

 

We will be happy to assist you to complete the inventory. Contact us for more details.

Interested in engaging a UK or an EU Representative??

Please get in touch with our team and we will be able to quickly answer your enquiry.

Request a callback

Schedule a call with us using Microsoft Teams