Austria Belgium Bulgaria China Czech Republic France Germany Hungary Italy Poland Romania Slovakia Spain Turkey

SCHINDHELM WORLDWIDE

News & Jusful Rankings and Awards Digitalaw News Newsletter Newsletter Archive Publications Press reports Schindhelm Whistleblowing Solution Schindhelm365 Webcast

New data protection law in the UK: The UK representative

Obviously, the British people have not been satisfied with the EU. However, the GDPR was probably no ground to complaint, as now a "UK -GDPR" was put into effect on 1 January 2021 containing very similar rules comparing to its predecessor.

The UK representative

Among others, the UK GDPR includes the requirement of a 'representative', the one introduced under Article 27 GDPR that applies to companies not established in the EU.

Companies that do not have a place of business in the UK but offer goods or services to individuals in the UK or monitor the behaviour of individuals within the UK shall appoint a representative under Article 27 of the UK GDPR. This obligation applies to but is not limited to online providers and IT companies that process personal data for their customers. It applies even if the IT company is carrying out the processing solely by order, which means that the data will be processed on behalf of a third party only.

Similarly to the European model, the UK representative shall act as a local contact person and, if necessary, shall communicate with the British Information Commissioner's Office as the responsible data protection authority. He/she is also the delivery agent for all communications relating to data protection in the UK. This is to avoid losing too much time in cross-border communication.

Qualification of the representative

The representative may be a company or an individual established or resident in the UK and it need to be notified to British Information Commissioner's Office in writing. He/she shall have access to the company's records of processing activities (Article 30 GDPR) and be fully authorised to act on the company's behalf. Hence, he/she shall be an expert in the field of data protection law. He/she shall also be listed in the company's data privacy policies with his/her contact details.

Possible sanctions

The penalties for a breach of the UK GDPR are likewise draconian as those under the GDPR: Fines up to GBP 8,700,000 or 2% of a company's annual worldwide turnover may be imposed. Thus, personal data of persons from the United Kingdom should enjoy the same level of protection and the same principles should be applied as under the GDPR.

Autor: Beatrix Fakó

Upcoming international events

Lecture in Hamburg (Master of International Taxation-M.I.Tax)

Fernando Lozano
23.11.2024 09:00, Hamburg (Germany)

Law Team Careers About us International News & Jusful Events Contact

We speak your language.
Everywhere.

SAXINGER Rechtsanwalts GmbH

Graz - graz@saxinger.com
Opernring 7/1 - 8010 Graz - T +43 316 822280
Linz - linz@saxinger.com
Böhmerwaldstraße 14 - 4020 Linz - T +43 732 603030
Vienna - vienna@saxinger.com
Wächtergasse 1 - 1010 Wien - T +43 1 9050100
Wels - wels@saxinger.com
Edisonstraße 1 - 4600 Wels - T +43 7242 65290

2024 (c) SAXINGER Rechtsanwalts GmbH

General Terms of Engagement Privacy Information Privacy Policy Disclaimer Legal Notice