info@edpo.com
England and Wales High Court rules that the GDPR Art. 27 Representative is not liable for its clients’ actions
The England and Wales High Court of Justice (May 28th 2021): the GDPR Article 27 Representative is not liable for its client’s actions.
On the role of the representative:
“At the least, the picture which emerges is of a considerably fuller role than a mere postbox ‘to be addressed’. Even the language of ‘conduit’ or ‘liaison’ does not fully capture the job the GDPR gives to representatives. The role is an enriched one, active rather than passive.[…] The job focuses on providing local transparency and availability to data subjects, and local regulatory co-operation.”[74]
On the representative’s liability:
“I find no positive encouragement for ‘representative liability’ anywhere other than the last sentence of Rec.80.[…] If the GDPR had intended to achieve ‘representative liability’ then it would necessarily have said so more clearly in its operative provisions” [101]
Common Mistakes about UK GDPR by EU Companies
ASSUMING THAT SMALL VOLUMES OF UK PERSONAL DATA DON’T FALL UNDER THE UK GDPR Many EU companies may underestimate the amount of data they...
EU GDPR Quick Guide to GDPR Fines and Sanctions
The EU’s General Data Protection Regulation (GDPR) was one of the first privacy laws to compel broad organizational compliance, largely...
Understanding GDPR: What You Need to Know in 2025
In 2018, the European Commission introduced the General Data Protection Regulation (GDPR). It shook the world because it applied both to...
About the author
Jane Murphy
