UK representative

By appointing us as your UK representative, you will be fully compliant with Article 27 of the UK General Data Protection Regulation (UK-GDPR).

Our representative service ensures your compliance with Article 27 of UK GDPR. We also provide a data subject access request (DSAR) portal to handle any requests you may receive from your UK data subjects or the UK Information Commissioner in a UK GDPR compliant manner.

When you appoint us as your UK representative, we provide the following:

Act as your representative in the United Kingdom

We will act on your behalf in the UK and may be addressed on all issues relating to your data processing activities and compliance with UK GDPR. As your representative, we will notify you of UK GDPR compliance and personal data requests we receive via mail or your data subject access request portal (DSAR).

Provide a UK presence

You may use our UK based business address as your UK GDPR representative address and nominate us as your representative in your privacy notices, including providing our contact information for all UK GDPR related communications.

Data subject access request portal

Your dedicated Data Subject Access Request (DSAR) portal enables you to collate, review and respond to all UK GDPR data subject and data protection authority requests. Your DSAR is fully compliant with UK GDPR data processing requirements.

Explore our contact portal and DSAR features

Maintain appropriate records

We maintain records of processing activities relating to your personal data processing requests, as required by UK GDPR Article 30.

How to comply with Article 27 UK GDPR

Article 27 of UK GDPR consists of four separate clauses, two of which (clauses 1 & 4) require action on your behalf to ensure compliance. Below is an explanation of each of the clauses and how you comply when you appoint us as your UK representative.

Article 27 (1):
"Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the United Kingdom."

When you register with our UK representative service, you (the controller or processor) designate us as your representative in the UK as part of the terms and conditions.

As long as we continue to act as your representative you remain compliant with this clause.

Article 27 (2):
"The obligation laid down in paragraph 1 of this Article shall not apply to:
(a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
(b) a public authority or body. "

Paragraph 2 establishes when the obligations of Article 27 do not apply, e.g. If you are a public authority or body. There are no specific actions required by you under this paragraph.

Article 27 (3):
Omitted under UK GDPR

This paragraph has been omitted under UK GDPR. In the initial EU GDPR this paragraph established an additional requirement for your representative to be in an EU member state of one of your data subjects.

As United Kingdom is only one state, this paragraph became unnecessary and was removed by UK legislators.

Article 27 (4):
"The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, the Commissioner and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation."

When you sign-up for our UK representative service you (the controller or processor) provide this mandate to allow us to be addressed on your behalf as part of our terms and conditions.

Importantly, this clause establishes that we may be contacted "in addition to or instead of". This means data subjects still have the right to contact you directly if they choose.

Article 27 (5):
"The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves."

Paragraph 5 establishes that your appointment of us as your UK representative does not exclude you from legal actions that may be initiated against you. There are no specific actions required by you under this paragraph to comply with Article 27.

It's that simple.

When you sign-up to our UK representative service you will be fully compliant with Article 27 of UK GDPR. Register today with our 30 days no-obligation introductory trial. No Credit Card required.