As of the 1st of Januaray 2021, the Brexit transition period ended and new rules between the UK and EU have come into effect. With regards to data privacy laws, the UK decided to adopt the GDPR into national law. The new law, named the 'UK-GDPR', is functionally identical to the 'EU-GDPR'; however because of this change, there are some important administrative changes that businesses should be aware of.
One of the key consequences of the UK-GDPR is that businesses may need to appoint a UK representative. If your organisation is not established in the UK (i.e. you do not have a physical location in the UK), and you are selling goods or services to UK citizens or monitoring UK citizens, then you will need to appoint a UK representative. Details of this can be found in GDPR Article 27 and Recital 80.
Do I need to Appoint a UK Representative?
For some companies appointing a UK Representative is a legal requirement. You may need to appoint a UK representative if you do not have an establishment in the UK (a physical location such as an office, shop or headquarters) and you meet one or more of the below criteria:
- You are offering goods or services to UK citizens
- You are monitoring the behaviour of UK citizens
- You are processing special category or criminal conviction data of UK citizens
- You are processing UK citizen data on a large scale
- You are processing UK citizen data which may result in a risk to the rights and freedoms of individuals.
You do not need to appoint a UK Representative if:
- You have an establishment in the UK, e.g. you have an office, shop or headquarters in the UK.
- The data processing which you are performing is occasional/infrequent. There is no quantified definition of ‘occasional’. Tacita can provide guidance in this area.
What does a UK-Representative do?
The representative will:
- Provide UK data subjects with a UK established contact point for your organisation.
- Provide a communication channel between your organisation and the UK supervisory authority, the Information Commissioner's Office (the ICO).
- As part of these duties, the UK GDPR Representative must hold a copy of your Records of Processing or Data Mapping Records.
- Provides a local point of contact for matters of UK data protection and privacy.
Our Sevice and Fees
UK GDPR Representation for one legal entity - €30 per month regardless of size of client.
- Establishment of UK GDPR Representative
- Holding of client Records of Processing and/or Data Maps
- Use of Tacita’s name as UK GDPR Representative on appropriate client documents and websites.
Any use of Tacita’s time:
- Where data subjects approach Tacita as client’s UK-GDPR Representative and liaison activities are required.
- Where the client requests Tacita’s assistance in resolving issues.
- Consumed at €60 per hour. Time-sheets issued daily to the client with activity descriptions
- Invoiced in 15 minute increments.
NOTE: all companies that offer UK GDPR Representative services will normally charge on a time and materials basis for anything over the basic representation required by law. If data subjects approach UK GDPR Representation Companies and consume UK GDPR Representative hours or require legal counsel to resolve then these are all additional costs regardless of who you contract with.
Contract with Tacita, we provide the required services at an attractive cost. If we are contacted by your data subjects we will ensure that any interaction with them, yourselves and any supervisory authorities is kept to the absolute minimum whilst acting as an effective liaison.
Tacita offers the lowest cost, most efficient time & materials support, should data subject and authority liaison be required.
This is supported by our instant cancellation policy. If you wish to cancel then we will only invoice any outstanding work effort consumed up to the minute of the request for cancellation.