Appointing a data protection representative in UK or EU

The why and what of appointing a data protection representative in UK or EU.

Clive Mackintosh
March 20, 2023
EU / UK Representation

In this blog we discuss the rationale and highlight the relevant law an organisation must follow to ensure it complies with Article 27 of the General Data Protection Regulation 2016 (EU GDPR) and Article 27 of the UK GDPR.

EU GDPR Appointment

Article 3(2) of the EU GDPR provides that where an organisation based outside of the EU offers goods or services to, or monitors the behaviour of, individuals residing in the EU, it must act in accordance with the provisions of Article 27 of the EU GDPR and must designate in writing a representative established in one of the EU member states to represent it, unless its processing of personal data:

  • Is occasional.
  • Does not involve large-scale processing of personal data including special categories of data or processing of criminal convictions or offences.
  • Is unlikely to result in a risk to the rights and freedoms of living individuals based on the nature, context, scope, and purpose of the processing activities.

The data representative is mandated by the organisation to receive and respond to enquiries from supervisory authorities and data subjects.

Effectively, it acts as a point of contact for a controller or processor based outside of the EU, allowing for full liaison on:

  • Supervisory Authority requests for information and enquiries.
  • Queries and requests from individuals whose personal data has been or is being processed by the organisation.
  • Managing and maintaining a comprehensive record of the organisation's processing activities.

UK GDPR Appointment

Under the UK GDPR, provisions similar to those of the EU GDPR apply to appointing a UK data representative. Article 4(17) of the UK GDPR uses the same language as the EU GDPR for defining a data representative, except that the representative must be based in and operate out of the UK.

Similar rules apply to how an organisation must appoint a UK data representative and the roles and responsibilities of the data representative.

Appointing a GDPR local representative

For more information on appointing a GDPR representative, whether EU, UK, or both, schedule a no-commitment call with a GDPR expert today, or get a quote to understand how our value pricing makes compliance and representation services simple.
