Article 27 of the GDPR requires 

The GDPR representative is appointed to:

* Act as the point of contact for the data subjects and supervisory authorities.

* Enable supervisory authorities to pursue enforcement action within the territories.

The UK Government's current position regarding UK representation is that there will be a requirement from December 2020 on-wards. In this case:

* Organisations with no presence in the UK and the EEA will then need separate representatives in both territories.

* EEA organisations will need a Representative in the UK, as well as UK organisations needing one in the EEA. 

The Position & Responsibilities Of A Representative


  • Co-operate with relevant supervisory authorities.

  • Manage conversation between the data subjects and your organisation. 

  • Be accessible to data subjects in all relevant member states. 

  • Maintain a RoPA (Record of Processing Activities) in accordance with Article 30 of the GDPR. 

  • Facilitate supervisory authorities to contact the Representative in the case of enforcement action for the noncompliance of the organisation they represent.

The Position

The representative:

  • Is appointed to represent data controllers or processors that are not established in the UK. 

  • Required to be established in one of the member states where the controller or processor's data subjects reside. 

  • Can be subject to enforcement proceedings for noncompliance by the controller or processor. 

The representative can be a person or a company, but must have one lead contact assigned.

The Representative must appear on your privacy policy as the contact for EU data subjects and regulators. 

Your GDPR Representative Will Work With You To...

Set up your GDPR Representation

Provide ongoing GDPR Representation

  • Maintain & update your RoPA.

  • Respond to queries from UK data protection authorities.

  • Log & report any breaches where appropriate.

  • Receive and log data subject rights requests, as well as advising on suitable responses.

  • Advise on data protection regulatory issues that can/will impact your organisation.

  • Ensure your privacy policy displays the correct contact details of the Representative.

  • Understand dataflows.

  • Review previous gap analysis & impact assessments.

  • Ensureadequate security measures are being taken to protect resident's data.

  • Be aware of any previous breaches or noncompliance.

  • Establish a copy of your RoPa.


Contact Us


Unit 102, Brighton Eco-centre, Brighton, BN1 3PB

Company No: 10313938

VAT No: 295 4329 71