GDPR Compliance Policy - Local Representative

Mark McFaul

Hi llma,

Article 27 Local Representative in the GDPR compliance policy states:

"For entities operating outside of the EU, Representatives must be named (a Representative is defined in Article 4 as “a natural or legal person established in the [EU] who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under the GDPR.”). Representatives must be established in one of the EU Member States where the data subjects whose personal data the company processes are located. Companies operating in the UK must also appoint a UK Representative."

However, our company is based in the UK and only currently works with other UK based companies. Do we still need to appoint an EU and UK representative?

If they are required, can you provide any advice on how we go about appointing a representative? Can it just be someone from a law firm that we work with or is it a specialist role?





  • Comment author
    Ilma Vanta Team Member
    Hi Mark!
    It’s okay if you are in the UK. Here’s an article that outlines this as well. In addition, be sure to include in your privacy policy something along the lines of:
    [NAME] is our personal UK representative, and they can be reached at: [email]
  • Comment author
    Mark McFaul

    Ok, so you are saying that we only need to appoint a personal representative for the UK then?


Please sign in to leave a comment.