Brexit and the GDPR: Most UK businesses operating in the EU will now need to appoint an EU representative. Check out our guide below for further information. - MLP Law

Brexit and the GDPR: Most UK businesses operating in the EU will now need to appoint an EU representative. Check out our guide below for further information.

  • Commercial Law
  • 18th Jan 2021

Since 1st January 2021, following the end of the Brexit transition period, the EU GDPR no longer has direct effect in the UK. This means that data flows between the UK and the EU member states are no longer permitted, unless appropriate safeguards have been put into place.  If you only undertake business within the […]

By Stephen Attree

MLP Law

Since 1st January 2021, following the end of the Brexit transition period, the EU GDPR no longer has direct effect in the UK. This means that data flows between the UK and the EU member states are no longer permitted, unless appropriate safeguards have been put into place. 

If you only undertake business within the UK, this is not likely to affect you. However, if you also operate in the EU, you may be required under Article 27 of the GDPR to appoint an ‘EU representative’. 

If you do need to appoint an EU representative, they will serve as your business’ contact for data subjects and will act on your behalf regarding your EU GDPR compliance. This representative should be based in one of the states where some of the individuals whose data you are processing are located. You should also provide all the EEA based individuals whose personal data you are processing with details of your chosen representative.  

Criteria

The requirement to appoint a representative will only apply if you process personal data on behalf of individuals living in the EU. Therefore, if you mainly contract with other businesses (and therefore do not process much, if any, personal data), it is unlikely that you will need to appoint a representative.

If you are unsure as to whether you need to appoint a representative or not, we advise undertaking an assessment of your data processing activities in the EU.  Please let us know if you would like assistance with this.

Risk of fines

Finally, it is worth remembering that breaches of the GDPR can be costly. By not appointing a representative when you are required to, you may be liable for a fine of up to €10 million, or 2% of your revenue from the most recent financial year (whichever is higher).

How we can help

Put simply, if you deal with customers in the EU, but do not have an office there, it is likely that you’ll need to appoint an EU representative.

If you think you require advice on this and if you would like to discuss your data processing activities in further detail, contact our Commercial and IP team on 0161 926 9969 or commercial@mlplaw.co.uk  to receive expert legal advice for your business.

About the expert

Stephen Attree

Managing Partner

Stephen is the Owner of MLP Law and leads our Commercial, IP and Dispute Resolution teams which provide advice on all aspects of the law relating to mergers, acquisitions, financing, re-structuring, complex commercial contracts, standard trading terms, share options, shareholder and partnership agreements, commercial dispute resolution, joint venture and partnering arrangements, IT and Technology law, Intellectual Property, EU and competition law, Brexit and GDPR.

Areas of expertise

Interested in working with Stephen?

Let’s start by getting to know you and your business - either on the phone or in person. Complete the form below and we’ll be in touch shortly.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.