Brexit introduced many changes and one of them was the ‘UK GDPR.’
The UK GDPR is what the GDPR is now called in the UK. The EU still has the EU GDPR. So, yes, there are now two of them!
The UK GDPR is, for now, basically a mirror of the EU GDPR. However, it has introduced the concept of a ‘UK GDPR Representative’, which wasn’t required before Brexit. A UK Representative is required by EU organisations, not UK ones, so read on for your quick summary of ‘what is a UK Representative is and why might I need one?’
What is a UK GDPR Representative?
A UK Representative is an individual or company in the UK that is your representative for all things data protection in the UK.
Having a UK Representative has become a requirement for some EU organisations since we left the EU. If you are not based in the UK, but your businesses processes the data of UK citizens, then you will need a UK GDPR representative.
What does a UK Representative do?
Your UK Representative:
- is the is a point of contact for the ICO and for data subjects;
- maintains a record of all data subject requests;
- cooperates with the ICO on behalf of your company;
- ensures your compliance with the UK GDPR; and
- keeps a record of data processing activities carried by your company.
Why would I need a UK Representative?
The UK GDPR says that all organisations that are not ‘established in the UK’ and that ‘process the data of people in the UK’ must appoint a representative in the Uk. This is a two-part test. Let me explain…
The first part of the test is whether or not you are established in the UK.
If you don’t have an office, a subsidiary or any other kind of establishment in the UK, then you are not ‘established’ in the UK. So, tick the box for the ‘yes’ to an UK Representative and move onto the second part.
The second part of the test is whether or not you process the data of people in the UK.
This involves either supplying goods or services to people in the UK and/or monitoring the behaviour of people in the UK.
- Do you supply goods or services into the UK (even for no payment)?
Do you, among other things:
- sell goods via an online shop;
- provide an online service or app;
- deliver goods to customers in the UK;
- accept GBP as a currency;
- use specific product branding for the UK market;
- run marketing campaigns aimed at the UK market; or
- provide specific contact details for UK customers.
2. Do you monitor the behaviour of people in the UK?
Monitoring is difficult to explain – it means to observe and check the progress or quality of something over a period of time or keep something under systematic review.
So, among other things, if you are monitoring people if you:
- track website visitors from the UK by using cookies or other technology;
- collect location or behavioural data;
- offer fitness tracking, personalised diet and health analytics services online; or
- are involved in the HR process in the UK.
So, if you don’t have an establishment in the UK and you process the data of people in the UK, then you need a UK Representative.
How do I find a UK Representative?
That’s the easy answer – we can be your UK Representative!
Give us a call and we can talk you through the UK GDPR Representative process a bit more.
We’re here to help, every step of the way.
Don’t wait. Book a free consultation today!