The UK has now left the European Union. Subsequently, the UK is now fully a “third country” as far as the EU is concerned. As a result there are some important changes that UK businesses trading in the EU and foreign businesses trading in the UK must comply with by law.
As a third country, UK entities (as are all entities of non-EU countries), are caught by Article 3 (in particular subsection (3.2)) of the EU GDPR:
“This Regulation applies to the processing of personal data by a controller not established in the European Union, but in a place where Member State law applies by virtue of public international law.”
As a direct result of this, Article 27 of the General Data Protection Regulation (“GDPR”) requires:
i) all UK businesses with no business presence in a EU Member State, that transacts business in the EU, or
ii) monitors the behaviour of individuals within the EU
to have in place a “GDPR Representative” who is a resident in one of the EU Member States in which they transact business.
The GDPR Representative’s role is to ensure that the organisation complies with the GDPR and/or the UK GDPR by enabling communication with individuals and data protection authorities. 360 Business Law has introduced a brand new service offering both EU, UK and overseas companies a “GDPR Representative service” through 360 Business Law (Cyprus) Limited and its various consultant lawyers across the UK and Europe.