Brexit And The Data Protection Representative

What is the impact for your company?

Are you compliant since Brexit?

What do you need to do as from 1st January 2021?

The Withdrawal Agreement acknowledged by the EU and the UK government stipulated a transition period to last until 31 December 2020. During this period, the UK agreed to continue following EU laws and regulations – including the GDPR – despite the ‘exit’ that took place in January 2020.

As from 1st January 2021, you should be compliant with the UK GDPR. Depending on where your company is located and where you do business, you may need to appoint one or even two Data Protection Representatives.

I am a UK company

I am an EU/EEA company

I am a company located outside the EU/EEA or the UK

I am a UK company

As from 1 January 2021, you most likely have to appoint an EU GDPR representative if:

  • you don’t have an establishment in the EU/EEA
  • you offer products or services to individuals who are in the EU/EEA or if you monitor the behaviour of such individuals (including UK citizens living within the EU/EEA)

Take our quick assessment test to find out if you need to appoint a GDPR EU representative!

Find out more about our EU Representative services and about our fees.

I am an EU/EEA company

As from 1 January 2021, the UK applies the ‘UK GDPR’. So the key obligations, rights and principles of the EU GDPR remain the same in the UK.

Even if you’re based in the EU, this means that you may need to appoint a UK GDPR Representative if:

  • you don’t have an establishment in the UK
  • you offer products or services to individuals who are in the UK or you monitor the behaviour of such individuals (including EU/EEA citizens living within the UK)

The UK’s data protection authority (ICO) confirms that you need to comply with the UK GDPR regarding this processing. “As you will not have a base inside the UK after the transition period ends, the UK GDPR will require you to appoint a representative in the UK.”

EDPO’s UK sister company (EDPO UK LTD) can act as your UK GDPR Representative.

Find out more about our UK Representative services and about our fees.

 

I do business with EU/EEA only

 

Even if you are based outside the European Union or the EEA, you may need to appoint a GDPR Representative if:

  • you don’t have an establishment in the EU/EEA
  • you offer products or services to individuals who are in the EU or monitor the behaviour of individuals in the EU (such as tracking or profiling)

If you haven’t appointed a GDPR EU/EEA representative and you’re not sure if you have to appoint one, take our assessment test to find out if you have to appoint one.

If you know that you need one, appoint EDPO now as your GDPR EU/EEA Representative!

I do business with the UK only

 

As from 1 January 2021, the UK applies the ‘UK GDPR’. So the key obligations, rights and principles of the EU GDPR remain the same in the UK.

Even if you are based outside the UK, you may need to appoint a UK GDPR Representative if:

  • you don’t have an establishment in the UK
  • you offer products or services to individuals who are in the UK or you monitor the behaviour of such individuals (including EU/EEA citizens living within the UK)

The UK’s data protection authority (ICO) confirms that you need to comply with the UK GDPR regarding this processing after the end of the transition period. “As you will not have a base inside the UK after the transition period ends, the UK GDPR will require you to appoint a representative in the UK.”

EDPO’s UK sister company (EDPO UK LTD) can act as your UK GDPR Representative.

Appoint EDPO UK as your UK GDPR Representative!

I do business with the EU/EEA and the UK

As from 1 January 2021, the EU GDPR continues to apply in the EU/EEA. As for the UK, it now applies the ‘UK GDPR’, so the key obligations, rights and principles of the EU GDPR will remain the same in the UK.

This means that you may need to appoint both an EU GDPR representative and a UK GDPR representative if:

  • you don’t have an establishment in the EU/EEA or in the UK
  • you offer products or services to individuals who are in the EU/EEA and the UK or you monitor the behaviour of such individuals

EDPO can act as your EU/EEA GDPR representative AND as your GDPR UK representative.

Appoint EDPO as your EU/EEA and UK Representative.

Your obligations in a nutshell

We provide a full range of high-quality representation services

Representation services in the UK

Data Subject Access Requests (DSARs)

Requests from the Data Protection Authority (ICO)

Representation services in the UK

We act as your Data Protection Representative in your name and on your behalf in the United Kingdom. Our office is located in London, at 8 Northumberland Avenue, London WC2N 5BY.

Data Subject Access Requests (DSARs)

We handle an unlimited number of DSARs across the UK. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you, answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf, unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.

Requests from the Data Protection Authority (ICO)

We handle an unlimited number of requests from the Data Protection Authority (ICO) in the UK. We understand that it can be quite daunting for companies to be contacted by a data protection authority. That’s why our team handles such requests with great care and diligence.

Data Breach Notification Support

Compliance certificate

Top-level security storage of your Record of processing activities

Data Breach Notification Support

We assist and support you in the handling of an unlimited number of data breach notifications in the UK. We understand that the process can sometimes be very challenging, especially given the tight 72-hour deadline to notify the data breach.

IMPORTANT NOTICE IN CASE OF DATE BREACH:  Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.

Compliance Certificate

We provide you with a Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.

Top-level security storage of your Record of processing activities

Your record of processing activities is kept on a highly secure platform that is certified with the latest and most comprehensive in-depth security certification – ISO/IEC 27001:2013 – which covers its entire business, people, processes, procedures and platform. You don’t have record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you create your ROPA.

Dedicated client support

Dedicated Client Support

Privacy Policy/Documentation Wording

Privacy Policy / Documentation wording

Our fees

Our UK GDPR representative fees are based on the size of your company (in terms of number of employees), the type of data (regular data and/or sensitive data) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in the UK and whether your company processes personal data on a large scale.

All packages can be tailored to your company’s specific needs.

 

Our fees include the following services :

  • The handling of an unlimited number of requests from individuals (data subjects) in the UK
  • The handling of an unlimited number of requests from the UK Data protection authority (ICO)
  • The storage of a copy of your Record of processing activities on a plartform which has the highest and most in-depth security certification (ISO27001)
  • Assistance with the handling of an unlimited number of data breach notifications
  • The right to use EDPO UK’s contact details and logo on your website and on other company material
  • The right to use the EDPO UK Compliance Certificate which is based on Blockchain technology
  • Alerts on relevant data protection-related news and developments regarding your company’s compliance with the UK GDPR.

Our fees are all-inclusive. No hidden costs. No surprises.

Here is an indicative list of our UK Representative fees*:

 

* Fees are payable in up-front annual payments

Special Offer

Also appoint EPDO as your EU Representative and get a reduction of 20% off the EU Representative price!

Checklist for the appointment of your EU & UK Data Protection Representative

EDPO UK

8 Northumberland Avenue

London WC2N 5BY

info@edpo.com