The General Data Protection Regulation (GDPR) can apply to organisations with no business presence in the EEA (including the EU) if (i) they offer goods or services to individuals in the EEA or (ii) they monitor the behaviour of individuals in the EEA. This is required by Article 27 of the GDPR.
Similarly, same is true with the UK Data Protection Brexit Regulations which amend the retained EU law version of the GDPR (the “UK GDPR”), if organisations with no business presence in the UK, (i) offer goods or services to individuals located in the UK or (ii) if they monitor the behaviour of individuals located in the UK. This is required by Article 27 of the UK GDPR.
In this situation, organisations must appoint EU and/or UK representative(s) in a relevant EEA country and/or the UK. In certain situations, and as a consequence of Brexit, organisations may have to appoint a representative in both the EU and the UK.
The representative’s role is to ensure that the organisation complies with the GDPR and/or the UK GDPR by enabling communication with individuals and data protection authorities. Bird & Bird offers both EU and UK representative services through Bird & Bird GDPR Representative Services SRL and its various branches across Europe.
EU or UK representatives have to meet the specific requirements. Our representatives are here to:
Who are your Bird & Bird Privacy Solution representatives?
Our representative services are provided by a team of expert lawyers and compliance advisors, with in-depth experience of working with EU and UK regulators and advising on privacy compliance projects. The team also works closely with our top-ranked data privacy legal specialists, enabling us to provide you with the legal guidance needed to respond effectively to inquiries by supervisory authorities or more complex interactions with data subjects.
Please contact us using the form below.
Under the GDPR, controllers or processors not established in the European Union are required to appoint a representative in the EU when they process personal data within the scope of the GDPR. Data protection ...
Retailers are embracing a data driven approach to better understand their consumers and inform strategic decisions (i.e., on pricing, promotion, loyalty programs and customer communications etc.). Data is also an ...
With a Brexit trade deal now having been agreed, a number of data protection compliance actions must be considered by organisations, including whether the appointment of an article 27 representative in the UK and/or the ...