UK representative

A UK representative under the UK General Data Protection Regulation (GDPR) is a natural or legal person who is appointed by a controller or processor outside the United Kingdom (UK) to ensure compliance with data protection rules. The UK representative acts as a point of contact for data protection matters and enables UK citizens to effectively exercise their data protection rights.

Do I need a UK representative?

If you, as a company, offer goods and/or services to end customers in the UK or observe the behavior of people in the UK, you must name a local contact for data protection issues. This enables the data protection authority in the UK to reach out to your UK representative and receive answers. Since the UK representative must be based in the UK, he is therefore also subject to UK law and cannot evade the authority. The representative must provide certain documentation upon request. For example, he must keep a record of processing activities.

Note: It is still the responsibility of the person responsible (i.e. your companies outside the UK) to maintain/create the processing register.

Another reason why the British legislator requires a representative in the UK in Article 27 of the UK GDPR is that British end customers have a point of contact for their data protection issues within the UK. In addition, this provision should be analogous to the EU so that the UK is regarded as an equivalent third country.

Both a legal entity (company) and a natural person can be appointed as UK representatives. The use of a natural person is not recommended here, because as a result, the person's registration address must be provided in the data protection policy. In the case of a legal entity, this would be the business address.

What activities does a UK representative take on from SIDD?

We take on the role of UK representative through our company in London. We keep a list of local processing activities and are available as a point of contact for inquiries from the UK.

Briefly: SIDD's UK representative forwards inquiries from the UK to your company and keeps a list of local processing activities. If you would like advice on specific inquiries, we can offer this on an hourly basis. We recommend usinge the UK representative in combination with a SIDD Data Protection Consultant (Switzerland) or a Data Protection Officer (EU). to use.

Which packages does SIDD offer?

UK representative package

What happens after you order SIDD?

After SIDD has been appointed as a UK representative, onboarding takes place as follows:

Contract signing

We conclude a service contract with the customer, which contains the framework conditions and scope of our work as a UK representative. Digital, of course 😉

Provision of a list of processing activities

By you (customer) or, if applicable, commissioned to draw up the list of processing activities as part of a Data protection workshop.

Mention our London company in your privacy policy

Ongoing support

Should inquiries be received, we will immediately communicate them to you and coordinate with you. In this case, we recommend to appoint a Data Protection Advisor (Switzerland) or Data Protection Officer (EU) as a contact person.