7 Essential Tips For Making The Most Of Your Become A Representative

What Is a UK Representative and Why Do You Need One?

Natacha has held a number of senior roles in the Foreign Office including Deputy Ambassador to China and Director for economic diplomacy and Emerging Powers. She has also been involved in global trade policy and international issues.

Companies that are not based in the UK must comply with UK privacy laws. They must designate a sales representative jobs in the UK to act as their point of contact for data subjects, as well as the ICO.

What is an UK Representative?

The UK Representative is an individual, company or organisation mandated in writing by the controller or processor of data to act on behalf of the controller or processor in all aspects of GDPR compliance. They will be the primary contact point for any queries from individuals who exercise their rights or requests from supervisory authorities. They may also be subjected to national requirements which have been imposed because of the GDPR's extraterritorial reach (see the UK case Rondon against LexisNexis Risk Solutions).

The EU GDPR Article 27 and its UK equivalent, Section 3.2.2 of the Data Protection Act 2018, require the appointment of an official representative. This requirement applies to all companies that do not have a permanent location in the United Kingdom but offer goods or services, or control the conduct of individuals located there, or who process personal data. The representative must be able to provide proof of their identity, and also prove that they are able to represent the data processor or controller in connection with UK GDPR obligations.

The representative must be able to communicate with authorities if there's a breach. This is because the Representative needs to send a notice to the supervisory authority who appointed them, regardless of whether the breach affects the data subject across different jurisdictions.

It is crucial that the representative you choose has worked with both European and UK data protection authorities. It is also desirable for them to be proficient in local languages, as they will likely receive calls from individuals and data protection agencies in the countries where they operate in.

The EDPB declares that the Representative is accountable for any non-compliance. However the UK case of Rondon v LexisNexis UK Ltd. (2019) EWHC1427 has confirmed that a representative is not able to be sued by a person who believes that the controller of the data has failed to comply with GDPR in the UK. This is due to the fact that, according to the court, the Representative has no direct connection to the processing of data by the representative entity.

Who is required to appoint the UK Representative?

To comply with the EU GDPR, businesses that are not part of the EU that are targeting goods or services to European citizens, but do NOT have becoming an avon representative - her explanation, office, branch, or establishment within the EU must appoint an EU Representative. This is in addition to requirements from national laws on data protection. The role of a Representative is to be the local point of contact for individuals and supervisory authorities regarding GDPR compliance issues.

The UK has its own version to the EU requirements, as laid out in Article 27 of the UK-GDPR. The threshold is the same as that of the EU requirement: any company that offers goods or services in the UK or monitoring the behavior of the data subjects, has to appoint an UK representative sales.

Under the UK-GDPR, a Representative must be formally authorized "to be additionally or alternatively addressed, on behalf of the controller or processor, by data subjects and the [British Information Commissioner's Office]". They cannot be held personally responsible for GDPR compliance. However they must cooperate with supervisory authorities in formal proceedings and also receive communications from data subjects exercising their rights (access request or right to be forgotten etc. ).

Representatives should be located within the EU member state in which the individuals whose data is being processed reside. This is not a simple choice and requires an in-depth legal and business analysis to determine the best location for a company. For this reason we offer a dedicated service to assist companies in assessing their requirements and choosing the best option for them.

It is also recommended that Representatives have experience interacting with supervisory authority as well as handling data subject inquiries. The ability to communicate in a local language is frequently important as the role is likely to include dealing with inquiries from supervisory authorities or data subjects in multiple countries across Europe.

The identity of the representative should be made clear to the data subjects by including their details in privacy policies and information provided to individuals before collecting their data (see Article 13 of the UK-GDPR). The UK Representative's contact information should also be published on your website, giving easy access for supervisory authorities to get in touch with them.

When do you need to nominate a UK Representative?

If your organisation is located outside of the UK and provides goods or services to the UK or monitors the behavior of individuals, you might be required to designate a UK Representative. The Applied GDPR regime in the UK applies to established companies outside the UK that conduct business in the UK and has the same scope of extraterritorial application as EU GDPR (with some exceptions). Take our free self-assessment to check if you're required to comply with this obligation.

A representative is appointed by the appointing entity under a service contract to represent that entity with regard to a number of its obligations under UK and EU GDPR as applicable. In the UK, this would primarily involve facilitating communications between the entity that appointed the representative and the Information Commissioner's Office or any data subjects that are affected in the UK. A Representative can either be an individual or a company with a UK base. The entity that is appointing the representative must make it clear to the data users that their personal data will be processed by the Representative and the identity of the individual or company must be easily accessible to supervisory authorities.

The entity that appointed the representative must provide the contact details of its representative to ICO and all data subjects affected in the UK in accordance with Article 13 as well as 14 of the UK GDPR. It must be clear that the role of a Representative is different from and not compatible with that of a Data Protection Officer ("DPO") which requires a degree of independence and autonomy that cannot be provided by a Representative.

If you have to appoint an official from the UK representative, you should do so as soon as you can. This is because the requirement will be in effect immediately upon Brexit (if there is an 'hard' or 'no deal' Brexit) or after an implementation period (if there is a'soft' or "with deal" Brexit). There is no grace period.

What are the requirements for a UK Representative?

Under the UK data protection laws (and specifically article 27 of the UK GDPR), a representative is an individual or company that is "designated in writing" by an entity that lacks a presence in the UK but is subject to the requirements of the law. The UK representative should be able to represent an entity with respect to its legal obligations. The contact information of the representative should also be accessible to UK residents whose personal data are being processed by a business that is not a UK company.

The individual who is the UK Representative must be a senior worker of the overseas business or media organisation and has been hired and taken on as an employee outside the UK by that media or business organisation. The visa applicant must genuinely intend to work full-time as the UK representative for the media or business organization, and they must not engage in any other business activity in the UK.

The applicant for visas also has to prove that they have the expertise and experience necessary to fulfill their duties as UK representative, which includes serving as a local point of contact for individuals who are data subjects as well as UK authorities responsible for data protection. The UK Representative must have the knowledge and understanding of UK laws regarding data protection to be competent to respond to queries or requests from data protection authorities as well as individuals exercising their rights.

As the Brexit process continues it is likely that the UK data protection laws are going to change over time. However, Becoming an Avon Representative at present, it is expected for companies from outside the UK that conduct business in the UK and handle personal data on individuals in the UK to choose UK Representatives.

This is because article 27 of the GDPR in the United Kingdom, which was retained as a UK national law, requires entities without having a presence in the UK to appoint an UK representative for data protection. If you're not sure if you need a UK representative for data protection it is advised to consult a qualified legal professional.