What happens to GDPR due to brexit?

  • The UK GDPR is replacing the existing EU GDPR on 31st December 2020 at 11pm;
  • All the main principles, obligations and rights remain in place;
  • The existing EU GDPR will continue to apply, unchanged, in the countries of the EEA.


What should I do?

Being outside Europe will impact the following data protection matters in the UK:

  • International transfer of personal data, including the question of ‘adequacy’ and other safeguards;
  • You will need to appoint a representative in the EEA.


What are EU Representatives? 

  • UE Representatives act as point of contact for Lead Supervisory; Authorities and data subjects;
  • They need to be established in an EEA member state where your data subjects are based. 


EU Representative is not required if:

  • You have a branch, office or establishment within the EEA;
  • Public Authority;
  • Processing is occasional or low risk.


EU Representative is required if:

  • Offering goods and services;
  • Monitoring behavior;
  • You don’t have a branch, office or establishment within EEA.


Steps to be taken by the data controller or processor

  • Authorize the representative, in writing, to act on your behalf regarding EU GDPR compliance, and to deal with any supervisory authorities or data subjects in this respect;
  • Provide the Representative details to data subjects; 
  • Lead supervisory authorities.


Requirements for a EU Representative:

  • Maintain local records of processing;
  • Facilitate the organization’s communications with lead supervisory authorities and data subjects;
  • Must be able to efficiently communicate with the data subject, ideally in their own language.


Are you a UK based company in need of an EU Data Protection Representative?

We will help you.

Fill out the form below for more information.