As a result of Brexit, the UK has left the European Union and adopted its own version of the GDPR which applies from 31 December 2020, known as ‘UK GDPR’. If you are a private sector business with no physical presence in the EU, then under the EU GDPR you are likely to need to appoint a EU representative if you process the personal data of EU individuals, to target goods or services to them or to monitor their behaviour. You may also need a EU representative if you process that data for others. This new legal requirement is mandatory, and failure to comply with it can result in large fines of up to £8.7M or (if higher) 2% of worldwide turnover.

Your EU representative’s primary role is to act as the point of contact for any issues relating to your processing of personal data in the EU. This includes communications with your EU customers and contacts. Your EU representative must also keep a copy of your EU data processing inventory, known as your ‘Record of Processing Activities’, which you are required to create and maintain under the EU-GDPR.