
EU data protection law will no longer apply to the UK when the Brexit “transition” period ends on 31 December 2020.
This will change the data protection landscape for organisations in the UK. It will also change the legal rules for some organisations in the rest of the European Economic Area (EEA) and elsewhere in the world.
As part of these changes, there will be new requirements to appoint GDPR representatives.
This will potentially affect organisations in three categories.
1. Organisations based in the UK will need to consider whether they need an EU representative to comply with the EU’s GDPR.
This is likely to be the case for UK organisations that have no physical presence in the EEA (such as a subsidiary, office or employees) but either:
2. Organisations based in remaining EEA countries will need to consider whether they need a UK representative in order to comply with the new “UK GDPR”.
This is likely to be the case for organisations that have no physical presence in the UK, but either:
3. Organisations in the rest of the world (with no physical presence in the UK nor in remaining EEA countries) may need:
Both the EU GDPR and the new “UK GDPR” allow exceptions from the requirement to appoint a representative.
There’s one exception for public bodies. There’s another exception for organisations that only carry out occasional, low-risk processing of personal data, and don’t process special category data to a significant degree.
But the exceptions are designed to be narrow, so are unlikely to apply to the majority of commercial organisations.
After 31 December 2020, the new “UK GDPR” will closely mirror the EU GDPR.
This means that, at the start, a UK representative is likely to have the same role in the UK as an EU representative carries out in the EEA. This will include communicating with data subjects and regulators and managing the records of processing that are required by Article 30 (under both the UK GDPR and EU GDPR).
There’s a possibility that the UK law and EU law may diverge over time. But there’s no sign yet of significant changes on either side.
We’re based in Ireland and have a subsidiary in the UK.
This means we can serve each of the three categories of organisations described above.
In other words, we act as:
We offer detailed service guarantees that cover every situation –including litigation and investigations. Our fixed monthly fees cover all our time, for the lifetime of your subscription – no matter what happens.
To find out more, you can read our FAQs or contact us.