Since Brexit, the United Kingdom is considered a "third country" under the GDPR. Companies based in the UK that process data of EU citizens must now appoint an EU representative according to Article 27 of the GDPR. Additionally, the UK Data Protection Act also requires a UK Representative who is based in the United Kingdom. This obligation has been clarified by the UK's data protection authority, the ICO. This means that all companies outside the UK must appoint a UK Representative if they continue to offer services in the UK and process personal data of British citizens.


  • Ensuring compliance with the UK Data Protection Act: Avoid hefty fines and legal risks.
  • Competent point of contact: We offer comprehensive expertise in European and UK data protection law.
  • All-around service: We also support you as a Data Protection Officer in the EU and UK, providing the necessary expertise.


ePrivacy supports you as a UK representative to ensure a high level of data protection and to implement your business models optimally. Acting as your national representative under UK data protection law, we serve your customers in the UK. We provide long-term consultancy on all data protection matters, allowing you to focus on your core business activities.

UK Representative

  • UK representative and assumption of duties according to UK data protection law
  • We are available as a contact point for data subjects and supervisory authorities
  • Further consultancy under UK data protection law as a UK DPO or advisor is always possible
Learn more about the UK Representative

High Expertise

  • Comprehensive expertise in UK data protection law
  • Highly experienced in dealing with supervisory authorities
  • Official point of contact for UK authorities
Learn more about our Expertise

UK-Representative Data Protection

Until now, only businesses based outside the EU were required to install a so-called EU Representative as a contact person for data protection issues under art. 27 GDPR.

With the UK's withdrawal from the EU as of 01.01.2021, the UK is now also a “third country” from the GDPR’s point of view and businesses based in the UK that process personal data of EU residents must now appoint an EU Representative.

But the effects of Brexit go far beyond this: The UK will essentially retain the GDPR as a national law. This means that British data protection law (article 27 UK representative) requires a representative in the United Kingdom in the same way as art. 27 GDPR does – with the difference that the UK data representative must be established within the United Kingdom. The UK’s data protection authority, the ICO, has clarified this recently.​

This means that all businesses based outside the UK (including EU companies!) must appoint a UK Representative (uk data protection representative) established within the UK if they continue to provide services in the UK and thereby process personal data of UK residents.

In addition to the “UK Representative”, UK data protection law also requires the appointment of a data protection officer. However, this person does not need to be based in the UK, but can also be based in the EU – provided he or she has the necessary expertise in UK data protection law.

All of this can be summarised as follows:

Do you have questions or recommendations for us?

We are glad to receive your comments.