Under the UK General Data Protection Regulation (GDPR), non-UK businesses that process the personal data of UK residents must appoint a UK Representative unless they fall under an exemption. Not appointing an UK GDPR representative could expose your company to large fines.
- Non-UK business: The business must be a non-UK business that processes the personal data of UK residents.
- Processing personal data: The non-UK business must process the personal data of UK residents either as a data controller or a data processor.
- No establishment in the UK: The non-UK business must not have an establishment in the UK.
- Offering goods or services: The non-UK business must offer goods or services to UK residents or monitor the behaviour of individuals in the UK.
- Appointing a UK Representative: If the above criteria are met, the non-UK business must appoint a UK Representative. The UK Representative should be established in the UK and designated in writing.
- Contact person: The UK Representative should be the point of contact for data subjects and the UK Information Commissioner’s Office (ICO) on all issues related to data protection.
- Responsibilities: The UK Representative must cooperate with the ICO on all matters related to data protection and comply with GDPR requirements, such as responding to data subject requests, maintaining records of processing activities, and reporting data breaches to the ICO.
Data Processors that operate in non-adequate 3rd countries, such as the USA, are coming under scrutiny at contractual stages due to the non-appointment of a representative.
Formiti Data International provide first-class UK Representative services for global organisations from startups to multinationals.