Article 27 GDPR Representative Service

Under the UK GDPR, any non-UK based business that does not have a business presence in the UK, but which transacts business in the UK or monitors the behaviour of UK-based individuals must have a GDPR Representative in the UK. In this situation, organisations must appoint an EU and/or UK GDPR Representative in a relevant EU Member State and/or the UK. In certain situations, and as a consequence of Brexit, organisations may have to appoint a GDPR Representative in both the EU and the UK.

The requirement of the Article 27 Representative has been put in place to provide the relevant Data Protection Authority with the ability to enforce the GDPR against entities that are out of the jurisdictional reach of the EU.

Our representative services are provided by a team of expert lawyers, with in-depth experience of working with EU and UK regulators and advising on privacy compliance projects. The team, headed up by Duncan Gillespie, a solicitor admitted in England and Wales with nearly 25 years’ experience and a data privacy specialist, will work with our UK and EU legal teams enabling us to provide you with the legal guidance needed to respond effectively to inquiries by supervisory authorities or more complex interactions with data subjects.

EU or UK representatives have to meet the specific requirements. Our representatives are here to:

• Understand your approach to GDPR and/or the UK GDPR (if applicable) compliance;
• Dedicate time to understand your personal data processing activities and your approach to compliance.
• Keep in touch with you so you’re up to date with respective changes to EU rules on personal data processing.
• Act on your behalf in the EEA (including the EU) and/or the UK (if applicable);
• Be named in your privacy notices as a point of contact in the EEA and/or the UK.
• Act on your behalf with European and/or UK data protection authorities.
• Be the contact point for data subject requests.
• Maintain your record of processing activities (ROPA) as required the GDPR and/or the UK GDPR.

Provide you with our assessment of your state of compliance with the GDPR and/or the UK GDPR

In the first year, we can undertake an initial audit of your privacy compliance or review an existing audit to help you ensure you are in line with applicable data protection requirements. In the following years, we can run an annual high-level audit to ensure you remain compliant over time.

The Commission can issue fines for not having an Article 27 Representative appointed in accordance with Article 83(4):

83 (4) Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10,000,000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:

the obligations of the controller and the processor pursuant to Articles 8, 11, 25 to 39 and 42 and 43;
the obligations of the certification body pursuant to Articles 42 and 43;
the obligations of the monitoring body pursuant to Article 41(4).

On 26^th January 2021 we hosted a webinar on the subject which is available to stream On-Demand at https://360lawgroup.co.uk/webinars

You can also contact us for a consultation to find out whether this service is right for your business.

The below pricing table is for UK businesses, if you are located in another jurisdiction and interested in this service, please contact us for a bespoke quote: