Closer ties with the EU? When it comes to data protection, the EU GDPR rep has ensured the UK remains as close to its European neighbours as it ever was.
Ever since Brexit happened, there’s been a constant and considerable tension between those who want a complete divorce from the EU and those who would prefer closer alignment. The current political mood music suggests that, over time, the UK might lean towards the latter of those options, as evidenced by the UK’s recent return to the EU’s Horizon science programme.
Some have seen this as a clear shift in strategy, but the reality is that it is evolution, not revolution. After all, the UK has been finding ways to rub along with its nearest neighbours for some time now – and nowhere do we see that more clearly than in data protection.
The EU still has an enormous influence on our data protection legislation. At its core, the Data Protection Act 2018, the UK’s data protection law, is a near carbon copy of the EU’s General Data Protection Regulation (GDPR).
And on a daily basis, every UK business that handles the data of EU citizens needs someone to maintain a physical presence within the EU. That might be someone in charge of data issues who’s part of your operation in Brussels, Berlin or Bologna. Or, if yours is an entirely UK-based business, it could be your proxy: your EU GDPR representative.
Years on from the GDPR rep’s introduction, what is the evolving role of the GDPR EU representative for UK businesses in 2023?
The concept of the EU representative was introduced in Article 27 of GDPR. Its purpose is to ensure that EU residents can rely on GDPR to protect their data not just within the EU, but beyond it.
That’s why UK businesses that process the data of EU citizens – wherever that processing takes place – are required to appoint an EU GDPR representative. The representative has a wide range of roles and responsibilities:
One of the primary roles of the GDPR rep is to be accessible to data subjects within the EU. If an EU resident wishes to exercise their rights, for example by requesting access to or deletion of their data, the GDPR representative acts as a bridge between the data subject and the UK-based business. They will translate the request but, far more importantly, they will work with the UK company to help them understand the actions they should take. Effectively, the GDPR services offered by the representative help the UK company shape a compliant response.
The representative serves as a liaison between the UK business and EU supervisory authorities, assisting in matters that involve data protection and privacy.
Practically, the GDPR rep’s services will be urgently required in the event of a data breach affecting EU residents. The GDPR rep will be the point of contact for the authorities and ensure that the UK company’s actions post-breach are effective and compliant.
This is less a responsibility of the EU representative but rather a consequence of the GDPR services they provide. Nevertheless, perhaps the single biggest impact a European representative for GDPR can make is in protecting the UK company not just from potentially enormous fines (a maximum of €20 million or 4% of annual global turnover) but also the potential loss of business that can stem from building a reputation as a company that doesn’t take data protection seriously.
Whether the EU and UK forge closer ties in the future or not, the evolution of GDPR is an inevitability. As part of the GDPR services they provide, your representative will keep track of upcoming legislative change and ensure your organisation remains compliant.
It’s about minimising the risk of data breaches. It’s about protecting your business from reputational and financial harm. It’s about building customer trust. It’s about strengthening global market access and ensuring that as legislation changes, those doors remain open.
Data protection is at the heart of all the above. And the GDPR services provided by your EU rep are how your business takes advantage of them.
Explore how our GDPR services can support you now, get data protection advice or, for questions about your next steps, call +44 1772 217800.