EU Representative
UK GDPR
About UK GDPR – Key Facts
Who it applies to?
UK GDPR covers all organisations that handle personal data – from large companies to sole traders and charities.
It also applies to businesses outside the UK if they offer goods or services to UK residents, even for free.
If you collect information like names, emails, phone numbers, addresses, payments, or IP addresses – it applies to you.
What it means to implement
Implementing UK GDPR is more than just having an ICO registration.
It means:
Having the policies and procedures the ICO requires.
Informing customers, suppliers, and staff how you use their data.
Keeping data secure and training staff.
Choosing partners (e.g., accountant, marketing provider) who are ICO registered and have strong data protection.
Documentation
External: public documents – Privacy Policy, Cookie Policy, Terms & Conditions.
Internal: private procedures, registers, and staff training records.
ICO registration alone is not enough – you need both.
EU Representative
If your business is based in the UK (or outside the European Union) but operates in the EU market – for example, selling to EU customers, providing services, or collecting personal data from people in the EU – the EU GDPR requires you to appoint an EU Representative.
It makes no difference whether your products or services are paid or offered for free – the obligation still applies.
Our service provides a professional, EU-based point of contact for your data protection obligations – ensuring you remain compliant and avoid significant fines.
When this applies
UK-based companies must appoint an EU Representative if they:
Collect, store, or process personal data of people living in the EU – such as customer names, emails, payment details, or IP addresses.
Sell products or services to EU residents – including free products, free trials, free apps, or memberships.
Run marketing campaigns targeting EU audiences – via email, social media, ads, or other channels.
Monitor the behaviour of people in the EU – through website analytics, tracking cookies, location tracking, or behavioural profiling.
Operate an e-commerce site that accepts orders from the EU.
Collect newsletter sign-ups or leads from people in the EU.
This applies regardless of business size – from sole traders to large corporations – and also covers non-profits or charities established in the UK but engaging with the EU market.
What’s included in the service
- Official appointment as your EU GDPR Representative under Article 27 EU GDPR.
- Acting as your point of contact with the relevant EU Data Protection Authorities in all EU member states where your data subjects are located.
- Inclusion in your privacy documentation (e.g. Privacy Policy, Privacy Notice).
- Maintaining your Record of Processing Activities (ROPA) in compliance with Article 30 EU GDPR.
- Ongoing support from our EU-based data protection team.
- Forwarding and coordinating all communications from EU regulators or EU data subjects.
- Advising you on changes in EU data protection law that may affect your business operations.
Why it matters
Failing to appoint an EU Representative when required can result in administrative fines of up to:
€10 million or 2% of annual global turnover – whichever is higher.
The EU Representative is not a Data Protection Officer (DPO) – their role is to act as your official contact point in the EU for regulators and data subjects. This role must be formally documented and made visible to the public, typically in your Privacy Policy.