The General Data Protection Regulation (GDPR) can apply to organisations with no business presence in the EEA (including the EU) if (i) they offer goods or services to individuals in the EEA or (ii) they monitor the behaviour of individuals in the EEA. This is required by Article 27 of the GDPR. 

Similarly, same is true with the UK Data Protection Brexit Regulations which amend the retained EU law version of the GDPR (the “UK GDPR”), if organisations with no business presence in the UK, (i) offer goods or services to individuals located in the UK or (ii) if they monitor the behaviour of individuals located in the UK. This is required by Article 27 of the UK GDPR.

In this situation, organisations must appoint EU and/or UK representative(s) in a relevant EEA country and/or the UK. In certain situations, and as a consequence of Brexit, organisations may have to appoint a representative in both the EU and the UK.

The representative’s role is to ensure that the organisation complies with the GDPR and/or the UK GDPR by enabling communication with individuals and data protection authorities. Bird & Bird offers both EU and UK representative services through Bird & Bird GDPR Representative Services SRL and its various branches across Europe.

What does the GDPR representative do?

EU or UK representatives have to meet the specific requirements. Our representatives are here to:

Mandatory requirements

  • Understand your approach to GDPR and/or the UK GDPR (if applicable) compliance
    • Dedicate time to understand your personal data processing activities and your approach to compliance.
    • Keep in touch with you so you're up to date with respective changes to EU rules on personal data processing.
  • Act on your behalf in the EEA (including the EU) and/or the UK (if applicable)
    • Be named in your privacy notices as a point of contact in the EEA and/or the UK.
    • Act on your behalf with European and/or UK data protection authorities.
  • Maintain your record of processing activities (ROPA) as required the GDPR and/or the UK GDPR.

Optional services

  •  Provide you with our assessment of your state of compliance with the GDPR and/or the UK GDPR
    • In the first year, we can undertake an initial audit of your privacy compliance or review an existing audit to help you ensure you are in line with applicable data protection requirements.
    • In the following years, we can run an annual high-level audit to ensure you remain compliant over time. 

Who are your Bird & Bird Privacy Solution representatives?

Our representative services are provided by a team of expert lawyers and compliance advisors, with in-depth experience of working with EU and UK regulators and advising on privacy compliance projects. The team also works closely with our top-ranked data privacy legal specialists, enabling us to provide you with the legal guidance needed to respond effectively to inquiries by supervisory authorities or more complex interactions with data subjects.

You’d like a fixed fee quote or have questions?

Please contact us using the form below. 

 

Related materials and downloads

News & Events