What US companies should know about Brexit and the Data Protection Representative

Brexit And The GDPR: Does Your US Business Need Two Data Protection Representatives?

Since January 1, 2021, the UK is no longer a Member State of the European Union (EU) and is considered a third country to the EU. The UK now applies the “UK GDPR”, an almost identical version of the EU GDPR. The rights, principles and obligations mostly stay the same. US companies that were doing business with the EU before Brexit now have to look at the UK with a different lens. One of the main questions regarding GDPR post Brexit is the data protection representative. Do you have to appoint one? Do you maybe even have to appoint two?

It Depends On Where You Do Business

I do business with the EU/EEA only

If you only do business with the EU or the European Economic Area (EEA) and not with the UK, you should not be concerned by Brexit. However, even if you are based in the US, you must appoint an EU GDPR Representative if:

• you don’t have an establishment in the EU/EEA
• you offer products or services to individuals who are in the EU or monitor the behaviour of individuals in the EU (such as tracking or profiling)

If you haven’t appointed a GDPR EU representative and you’re not sure if you have to appoint one, take our free assessment test to find out!

I do business with the UK only

If you only do business with the UK and not with the EU or EEA, you must appoint a UK GDPR Representative if:

• you don’t have an establishment in the UK
• you offer products or services to individuals who are in the UK or you monitor the behaviour of such individuals

I do business with both the UK and the EU/EEA

If you do business with the UK and the EU/EEA, both the EU and UK GDPR apply to your business. You must therefore appoint both an EU GDPR representative and a UK GDPR representative if you are based in the US and if:

• you don’t have an establishment in the EU/EEA or in the UK
• you offer products or services to individuals who are in the EU/EEA and the UK or you monitor the behaviour of such individuals

If you already had an EU representative prior to January 1, 2021, and the representative was located in the UK, you will now have to appoint a representative on the EU/EEA countries.

Can you benefit from the exceptions?

You don’t have to appoint an EU and/or a UK representative if:

• You have an establishment in the EU (regarding the EU representative obligation) or in the UK (regarding the UK representative obligation)
• You are a public authority; or
• You process personal data only occasionally and you don’t process sensitive personal data on a large and your processing activities are not likely to affect the rights and freedoms of individuals in the EU/ UK.

EDPO can act as your EU/EEA GDPR representative AND as your UK GDPR representative.

If you appoint EDPO as both your EU/EEA and UK Data Protection Representative, you will get a 20% discount on the EU Representative price.

Want to know more? Contact us for a free assessment.

EDPO participated in the Belgian Economic Mission to the United States in Atlanta, New York and Boston (6 to 11 June):

After a successful economic mission in London last month, EDPO participated in the Belgian Economic Mission to the US last week. Another great opportunity to raise awareness on the GDPR ’s forgotten obligation to appoint a Data Protection Representative. We attended events in memorable locations in Atlanta, New York and Boston, including an insightful seminar on data governance which was held at Massachusetts Institute of Technology (MIT). New windows are opening for data and privacy. “What is my data going to do for me today”? will be the next big question to ask. The continuum between impersonal and personal data is blurring and privacy actors will need to reinvent their job every day. 

The sectors of life sciences, fintech, regtech, AI, and many more were also on the pedestal during the week. Our founder Jane Murphy was given the opportunity to tell EDPO’s story during the New York FEB Luncheon in the presence of Her Royal Highness Princess Astrid of Belgium, which included discussions on the future of transatlantic data transfers. We also discussed female entrepreneurship at two events in Atlanta and New York and met with fabulous leaders such as Dr Ilham Kadri (Solvay).

An intense week that will no doubt trigger more collaboration between Belgium and the USA in the years to come! 

Thank you hub.brussels and all organisers who made this mission a great success!