Bruce & Butler provides local representation and translation services both in the UK and any of the 27 member states across continental Europe.
You can always remain compliant with Article 27 of the GDPR even if you only process the personal data of data subjects that reside in the UK or a specific EU member state.
After 31st December 2020, at the end of the transition period, Data Controllers or Data Processors located outside the UK that process the personal data of individuals within the UK will need to appoint a “UK Representative”.
EU law will continue to require organisations based outside the EEA (including the UK) that process data on individuals within the EU, to have an “EU Representative”.
If an organisation processes personal data of data subjects residing in a limited number of EU states, then its Representative should have a presence in one of those states.
The appointed representative cannot be your Data Protection Officer.
Your representative may be an individual, or a company or organisation established in the EEA, and must be able to represent you regarding your obligations under the EU GDPR.
You should give details of your representative to EEA-based individuals whose personal data you are processing. This may be done by including them in your privacy notice or in the upfront information you give them when you collect their data. You must also make it easily accessible to supervisory authorities – for example by publishing it on your website.
The Representative is required to: