GDPR representation Services
If your organisation is processing personal data on UK or EU residents and you need local representation and translation services, The DPO Centre can provide you with a GDPR Representative that fulfils the obligations set out in Article 27 of the GDPR.
Find out how we can help your organisation today.
EU and UK Representative Services Required by GDPR Article 27
Article 27 of the GDPR requires organisations offering goods or services or monitoring the behaviour of EU residents to have a point of contact within at least one EU member-state. If your organisation has no establishment in the EU but you still process EU residents’ data, then you are required to appoint an EU Representative.
Read More
Since leaving the EU on January 1st, 2021, the UK now has a similar requirement for representation. Therefore, if you are offering goods or services or monitoring the behaviour of UK residents without a physical establishment in the UK, then you must appoint a GDPR Representative within the UK.
Our service provides you with access to established and experienced GDPR representation in the UK and across all 27 member states within the EU. Representatives from The DPO Centre will liaise where necessary with supervisory authorities, facilitate individuals’ rights requests, such as Data Subject Access Requests (DSARs), build and maintain your Records of Processing Activities (RoPA), and facilitate communication between your organisation and data subjects.
The DPO Centre provides:
EU Representation to organisations outside the EEA
UK Representation to organisations outside the UK
Representation in both the UK and the EU for organisations located in neither the UK nor the EEA
Why you should choose a GDPR Representative from the DPO Centre
Adhering to the data protection rules set out in the GDPR isn’t just good business practice — it’s the law. As of January 2021, businesses must not only respect the EU’s GDPR requirements but must also now adhere to the UK’s version of the GDPR. The DPO Centre Ltd and The DPO Centre Europe Ltd maintains a large team of highly qualified data protection specialists with the skills, knowledge, and resources required to undertake your representation requirements in the UK and the EU. Having worked with over 400 organisations across multiple sectors, we have developed shared best practices and model documentation that will help to maintain your organisation’s compliance with data protection regulations.
Where should an EU Representative be located?
If an organisation processes personal data of data subjects residing in a limited number of EU states, then its Representative should be established in one of those states.
We recommend appointing an EU Representative in the EU country where you process the majority of personal data. You will likely receive the most requests and enquiries from this member state, therefore having a GDPR Representative stationed there, who triages requests in their language, will make communication much easier.
The DPO Centre and The DPO Centre Europe is uniquely situated to enable your organisation to comply with the EU and UK GDPR by providing the following resources:
- Offices in Dublin and all 27 EU member states, as well as the UK
- The necessary ‘establishment’ details in the UK or any EU member-state to publish on your EU facing privacy policy
- A local telephone number in the UK or your chosen EU member-state answered in the native language of that country
- A professional translation service to handle correspondence in all major EU languages
You must comply with Article 27 of the GDPR even if you process the personal data of data subjects that reside in only one country.
“The DPO Centre’s team are always on hand to answer any queries we may have and to help us respond to any Data Subject Access Requests from any trial member across the EU.”
Drew Davies
PCCTC
How Does Our Service Work?
Our GDPR representation service starts with an initial onboarding process, and then an ongoing monitoring and reporting service.
Initial Onboarding
During the onboarding phase we will review your privacy policies and ensure the appropriate contact details for your Representative are in place. These details must be clearly visible and accessible to data subjects and regulators who wish to contact you.
It is a requirement of your Representative to maintain a copy of your Records of Processing Activities (RoPA). We will therefore review your existing, or assist you to construct your RoPA for your EU and or UK processing activities. We then use these records to assist us to respond to data subject requests or regulator enquiries.
Ensuring Ongoing Compliance
After we’ve established your RoPA, this will be maintained and updated regularly. We will receive, triage and where appropriate respond to data subject and regulator requests, translate them if necessary, and assist you with appropriate responses. Our representation service also includes access to our advice line service and regular information and advice on data protection issues that may impact your operations.
Local GDPR Representation in the UK and 27 EU Member States
Utilising our network of offices throughout the UK and Europe you will be provided with a physical address, local telephone number, and email address in your chosen country.
For example, if you’re a UK organisation that offers goods or services to residents of France, but you don’t have a physical presence within France, we will deliver your representation service from our Paris, France office. Within your privacy policy, you can then publish our French address, French telephone number (answered in French and English), and email address.
For correspondence received from data subjects in other languages, we use a professional proxy online translation service that allows us to receive the requests in English, then respond through the service to deliver an answer to the data subject in their own language.
These services allow us to deliver GDPR representation seamlessly throughout the UK and the EU, in all major worldwide languages.
Benefits of Our GDPR Representative Service
Appointing a Representative is a legal requirement, however there are many benefits of appointing The DPO Centre as your GDPR Representative. These include:
GDPR Representative Services for Sectors
Regardless of the sector in which you are in — compliance with the GDPR is a necessity for all organisations. However, each sector has particular market considerations and specific industry compliance requirements, with varying appetites toward risk. As established GDPR Representatives we are Subject Matter Experts and provide you with access to an experienced team of data professionals. Whether your organisation operates in healthcare, tech, retail, eCommerce, finance, insurance, education, or not-for-profit, our broadly experienced team can cater to your organisation’s unique commitments and requirements.
Enquire Today
Fill in your details below and we’ll get back to you as soon as possible
Frequently Asked Questions
We’ve compiled a series of FAQs but if you can’t find the answer here please contact us to find out more.
Article 27 of the GDPR states that data controllers or processors who are not established in the European Union, but who offer goods or services to individuals in the EEA or EU or monitor their behaviour, must appoint a Representative based in the EU. The UK has an essentially identical regulation, which requires applicable organisations without a physical UK establishment to appoint a UK GDPR Representative. For more information, read our page about GDPR Article 27.
Organisations processing data of individuals residing in the EU or EEA must appoint a Representative to cooperate with supervisory authorities, facilitate communication between data subjects and the organisation, and maintain a Record of Processing Activities (RoPA) in accordance with Article 27 of the GDPR. Organisations processing data of individuals residing in the UK must also have a similar Representative if they do not have an establishment in the UK. If your organisation is collecting data from UK and EU residents without physical establishments in these countries, then you must appoint a GDPR Representative for your organisation in both the EU and the UK.
For more information, read our guide about when and why you need GDPR representation.
A GDPR Representative will cooperate with regulators, facilitate communication between your organisation and data subjects, and maintain a Record of Processing Activities (RoPA). They’ll also ensure your contact details are clearly displayed in your privacy notice, understand your data flows, translate and respond to queries from data subjects and supervisory authorities, log and report data breaches related to your EU or UK data subjects, and advise you on data protection issues.
The fee to deliver GDPR Representative service varies based on your sector, the number of data subjects you are personal processing data on and the needs of your organisation. Please contact us so that we can discuss your requirements.
Our large team of privacy professionals provide access to a wide range of expertise and experience in data protection, we can support your organisation with representation, but also through our data protection consultancy services, outsourced data protection officers, interim support services and data protection training.
