Brexit And The Data Protection Representative

What is the impact for your company?

Are you ready for Brexit?

What do you need to do until 31 December 2020?

The Withdrawal Agreement acknowledged by the EU and the UK government stipulates a transition period to last until 31 December 2020. During this period, the UK agreed to continue following EU laws and regulations – including the GDPR – despite the ‘exit’ taking place in January 2021.

Although nothing will change until 1 January 2021, you should already start preparing by appointing your EU and/or UK Data Protection Representative.

How many days left?

Day(s)

:

Hour(s)

:

Minute(s)

:

Second(s)

 

What do you need to do as from 1 January 2021?

Depending on where your company is located and where you do business, you may need to appoint one or even two Data Protection Representatives.

 

Where are you located? 

I am a UK company

I am an EU/EEA company

I am a company located outside the EU/EEA or the UK

I am a UK company

As from 1 January 2021, the UK will become a “third country”. However, as a UK-based company, you will most likely have to appoint an EU GDPR representative if:

  • you don’t have an establishment in the EU/EEA
  • you offer products or services to individuals who are in the EU/EEA or if you monitor the behaviour of such individuals (including UK citizens living within the EU/EEA)

Take our quick assessment test to find out if you need to appoint a GDPR EU representative!

Find out more about our EU Representative services and about our fees.

I am an EU/EEA company

As from 1 January 2021, the UK will become a “third country” but it will apply the ‘UK GDPR’. So the key obligations, rights and principles of the EU GDPR will remain the same in the UK.

Even if you’re based in the EU, this means that you may need to appoint a UK GDPR Representative if:

  • you don’t have an establishment in the UK
  • you offer products or services to individuals who are in the UK or you monitor the behaviour of such individuals (including EU/EEA citizens living within the UK)

The UK’s data protection authority (ICO) confirms that “the UK government intends that after the transition period ends, the UK version of the GDPR will say that a controller or processor located outside the UK – but which must still comply with the UK GDPR – must appoint a UK representative.”

EDPO’s UK subsidiary (EDPO UK LTD) can act as your UK GDPR Representative.

Find out more about our UK Representative services and about our fees.

 

I am a company located outside the EU/EEA and the UK

 

I do business with EU/EEA only

I do business with the UK only

I do business with the EU/EEA and the UK

Even if you are based outside the European Union or the EEA, you may need to appoint a GDPR Representative if:

  • you don’t have an establishment in the EU/EEA
  • you offer products or services to individuals who are in the EU or monitor the behaviour of individuals in the EU (such as tracking or profiling)

If you haven’t appointed a GDPR EU/EEA representative and you’re not sure if you have to appoint one, take our assessment test to find out if you have to appoint one.

If you know that you need one, appoint EDPO now as your GDPR EU/EEA Representative!

As from 1 January 2021, the UK will apply the ‘UK GDPR’. So the key obligations, rights and principles of the EU GDPR will remain the same in the UK.

Even if you are based outside the UK, you may need to appoint a UK GDPR Representative if:

  • you don’t have an establishment in the UK
  • you offer products or services to individuals who are in the UK or you monitor the behaviour of such individuals (including EU/EEA citizens living within the UK)

The UK’s data protection authority (ICO) confirms that “the UK government intends that after the transition period ends, the UK version of the GDPR will say that a controller or processor located outside the UK – but which must still comply with the UK GDPR – must appoint a UK representative.”

EDPO’s UK subsidiary (EDPO UK LTD) can act as your UK GDPR Representative.

Appoint EDPO UK as your UK GDPR Representative!

As from 1 January 2021, the EU GDPR will continue to apply in the EU/EEA. As for the UK, it will apply the ‘UK GDPR’, so the key obligations, rights and principles of the EU GDPR will remain the same in the UK.

This means that you may need to appoint both an EU GDPR representative and a UK GDPR representative if:

  • you don’t have an establishment in the EU/EEA or in the UK
  • you offer products or services to individuals who are in the EU/EEA and the UK or you monitor the behaviour of such individuals

EDPO can act as your EU/EEA GDPR representative AND as your GDPR UK representative.

Appoint EDPO as your EU/EEA and UK Representative. If you appoint EDPO as your EU/EEA and UK Data Protection Representative before the end of the Brexit transition period, you only have to pay the price of one!

 

Your obligations in a nutshell

We provide a full range of high-quality representation services

Representation services in the UK

Data Subject Access Requests (DSARs)

Requests from the Data Protection Authority (ICO)

Representation services in the UK

We act as your Data Protection Representative in your name and on your behalf in the United Kingdom. Our office is located in London, at 8 Northumberland Avenue, London WC2N 5BY.

Data Subject Access Requests (DSARs)

We handle an unlimited number of DSARs across the UK. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you, answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf, unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.

Requests from the Data Protection Authority (ICO)

We handle an unlimited number of requests from the Data Protection Authority (ICO) in the UK. We understand that it can be quite daunting for companies to be contacted by a data protection authority. That’s why our team handles such requests with great care and diligence.

Data Breach Notification Support

Compliance certificate

Top-level security storage of your Record of processing activities

Data Breach Notification Support

We assist and support you in the handling of an unlimited number of data breach notifications in the UK. We understand that the process can sometimes be very challenging, especially given the tight 72-hour deadline to notify the data breach.

IMPORTANT NOTICE IN CASE OF DATE BREACH:  Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.

Compliance Certificate

We provide you with a Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.

Top-level security storage of your Record of processing activities

Your record of processing activities is kept on a highly secure platform that is certified with the latest and most comprehensive in-depth security certification – ISO/IEC 27001:2013 – which covers its entire business, people, processes, procedures and platform. You don’t have record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you set one up.

Dedicated client support

Dedicated Client Support

Privacy Policy/Documentation Wording

Privacy Policy / Documentation wording

Our fees

Our UK GDPR representative fees are based on the size of your company (in terms of number of employees), the type of data (regular data and/or sensitive data) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in the UK and whether your company processes personal data on a large scale.

All packages can be tailored to your company’s specific needs.

 

Our fees include the following services :

  • The handling of an unlimited number of requests from individuals in the UK
  • The handling of an unlimited number of requests from the Data Protection Authority (ICO)
  • The storage of a copy of your Register of processing activities on a platform which has the highest and most in-depth security certification
  • Assistance with the handling of an unlimited number of data breach notifications
  • The right to use EDPO UK’s contact details and logo on your website and on other company material
  • The right to use the EDPO UK Compliance Certificate which is based on Blockchain technology
  • Alerts on relevant data protection-related news and developments regarding your company’s compliance with the UK GDPR
Our fees are all-inclusive. No hidden costs. No surprises.

How much does it cost to appoint EDPO UK as your UK  Data Protection Representative?

  • Before 1 January 2021:  if you appoint EDPO as your EU and UK Data Protection Representative, you only have to pay for one Data Protection Representative! See our prices here
  • As from 1 January 2021: if you sign up after the end of the transition period and you need a Data Protection Representative both in the EU and the UK, you will get the second Representative at 50% off! See our prices here.

As from 1 January 2021, here is a list of our UK Representative fees*:

 

* Fees are payable in up-front annual payments

EDPO UK

8 Northumberland Avenue

London WC2N 5BY

info@edpo.com

EDPO UK

Private Limited Company

8 Northumberland Avenue London WC2N 5BY • United Kingdom

Company number: 12945565 

E-mail: info@edpo.com