Skip to content
Placeholder image

安心のUKGDPR代理人サービス

EU市場での事業展開を、PrighterのGDPR代理人サービスでしっかりサポート。 私たちは、EU GDPR第27条に基づく「代理人」として、法令遵守を支援し、リスクを最小限に抑えるだけでなく、顧客からの信頼を高めてビジネス価値の向上にも貢献します。 安心してEUビジネスを展開しましょう。

世界中のお客様に信頼されています。

UK GDPRの代理人って必要?

UK GDPRにおける代理人選任の要件や、選任時に確認すべきポイントについては、FAQで詳しくご紹介しています。

UK GDPR(英国一般データ保護規則)とは?

英国に拠点を持たないまま英国市場でビジネスを展開し、個人に商品・サービスを提供したり、オンライン上の行動をモニタリングしている場合、UK GDPR第27条に基づき英国に代理人を任命する必要があります。

代理人は現地でデータ保護関連の連絡窓口として機能し、英国の個人や監督当局とのスムーズなコミュニケーションを可能にします。これにより英国市場での信頼性が向上し、ブランド価値を高められます。

UK GDPRに違反すると高額な罰金が科されるリスクがあります。代理人を任命しない場合、最大870万ポンドまたは全世界売上高の2%のいずれか高い方の罰金が科される可能性があります。また、代理人は公的に任命されるため、情報コミッショナー事務局(ICO)が簡単に遵守状況を確認できます。

もっと読む

まずはコンプライアンスから

UK GDPR第27条に準拠した代理人の選任は、プライバシー・バイ・デザインの姿勢を体現する第一歩です。Prighterなら、品質を損なうことなくコンプライアンス対応をシンプルに。法令遵守はもちろん、データ保護への真摯な姿勢を対外的に示すことができます。

Featured image

信頼できる現地の専門チーム

Prighterは、UK代理人としての役割をしっかり担います。UKの法規制に精通した専任チームが、貴社のニーズに合わせたサポートを提供。スムーズな連絡体制と迅速な対応で、確実なコンプライアンスを支えます。

かんたん導入

私たちのサービスは、すべて「分かりやすさ」と「始めやすさ」を追求しています。簡単なオンボーディング、プライバシーポリシーのひな型、便利なテンプレート資料に加え、データ主体からの請求対応を支援するソフトウェアもご用意。UK GDPRへの対応が、Prighterとなら迷わず・効率的に進められます。

UK対応はお任せ

Prighterは、UK GDPRに関する窓口業務を担い、貴社がビジネスに専念できる体制を整えます。代理人として、データ主体・B2Bクライアント・UKの監督機関(ICO)との連絡や対応を貴社に代わってスムーズに実施します。

Featured image

ICO(UK監督機関)とのやり取りもお任せ

Prighterは、UKのデータ保護監督機関であるICOとの信頼できる窓口です。専門チームとスマートなケース管理システムにより、調査対応や漏えい通知など重要な場面にも確実に対応。必要なときに、確かな支援を受けられます。

データ主体から要求にもスマートに対応

個人からのGDPR関連の要求対応には、Prighter独自のSaaS「Privacy Rights Manager」が付属。要求内容の仕分け・整理・対応をかんたんに管理でき、UK代理人契約に含まれています。適切に対応できる体制を整え、対応力と信頼性を示すことができます。

スムーズなコミュニケーションを実現

Prighterの専門家は、法的知見と現場経験を融合させ、UKにおける関係者とのやり取りをわかりやすく整理。「Authority Case Management」で当局対応を、「Privacy Rights Manager」で要求対応を、一元的に・効率的に管理できます。スケーラブルかつ法令準拠のソフトウェアで、負担を減らしながら確実に対応しましょう。

コンプライアンスで価値を高める

GDPR対応は、ビジネスにおける運用標準であり、信頼性の証となっています。ブランドの評判を強化し、事業成長を後押しする要素です。

Featured image

プライバシーへの本気度を示しましょう

プライバシーポリシーに代理人情報を追加し、代理人証明書をダウンロード、ウェブサイトにコンプライアンスバッジを掲載し、コンプライアンス情報をまとめて見せられるページを活用しましょう。

Trust Center

すべての代理人契約にはカスタマイズ可能なTrust Centerが含まれます。ブランドをアピールし、認証を表示し、代理人選任の確認をリアルタイムで提供。プライバシーに関するコミュニケーションを一元管理できます。

業務効率を向上

動的なコンプライアンスSaaSプラットフォームでワークフローを最適化。データ主体からの要求管理、当局対応、コンプライアンス業務全体をスマートで拡張性のあるツールで効率化し、本業に集中できる環境を整えます。

コンプライアンスを次のレベルへ

Prighterの代理人サービスとSaaSソリューションは、業界トップクラスの専門家チームによって支えられています。パートナーと連携しながら、データ保護プログラムを継続的にサポートします。

Featured image

専門家主導のサポート

法律知識と実務経験を兼ね備えた専門チームが、複雑な規制も明確かつ自信を持って対応できるようサポート。法務のプロからテクノロジーに強い専門家まで、貴社の目標に合わせた実用的で信頼できる支援を提供します。

最前線の対応力

最新の法規制、判例、監督機関のガイダンスについて専門家が情報を提供し、常に一歩先を行く対応を支援します。GDPRからAI、デジタルガバナンスまで重要な動向を追跡し、次の規制対応に向けた準備を整えられるようサポートします。

UK GDPR Representation icon

UK GDPR Representation

追加の代表サービスを組み合わせて、最大40%の割引を受ける

サイズを選択:

補完製品を追加:

Privacy Representation

3 products

Digital Governance

3 products

Privacy Software

2 products

¥43,200/月
年間 ¥518,400
年間¥57,600 の割引

価格内訳:

UK GDPR Representation¥43,200/月

Core Features

Representative for the UK
Qualified local team
Privacy Policy Wording on the Representation
Assisting and Maintaining the Records of Processing Activities(basic)

Marketing Features

Compliance Batch for your website
Dedicated Trust Center
Compliance certificate

Authority Features

Point of contact for the ICO
Unlimited Authority Requests
Authority Case Manager(basic)
Data Breach Notification(basic)

Data Subject Features

Addressee for UK data subjects
Unlimited Data Subject Requests
Privacy Rights Manager (PRM)(UK PRM)

Processor Features

Addressee for UK B2B clients (relevant for processors)
Data Processing Agreement(basic)
International Data Transfer(basic)

Knowledge

Knowledgehub Access
Regulatory Monitoring
GDPR Training

Subscription

Entities and Brands Covered(5)
Digital Governance management suite(5 seats)
Support Level(basic)

How It works

お客様の声

世界中の組織と提携し、堅牢なコンプライアンスを確保しています。以下は、当社の尊敬されるお客様がPrighterの体験について述べた内容です。

Joannah Bodden Small

Prighter は、EU および UK GDPR の代理人契約に関して、私たちが求めていた答えを提供してくれました。モバイルアプリを開発するスタートアップという立場でのニーズにも即応し、チーム全員が高品質で親身なサポートをしてくださいました。複雑な市場においてサービスを進化させ続ける姿勢も立派ですし、業界アップデートやウェビナーも常に魅力的かつ有用です。Prighter があることで安心感が得られ、時間も節約できており、信頼できるパートナーシップに心から満足しています。

Joannah Bodden Small
Founder and CEO at Caraleya

情報ライブラリ

Prighterの情報ライブラリは、世界中の企業が国際的なプライバシー、AI、デジタル・ガバナンスに関する規制を理解し、対応できるよう支援するためのコンテンツを揃えています。
コンプライアンスに不慣れな方も、専門家の方も、ご自身の取り組みをレベルアップするための実用的なヒントや最新情報が見つかります。

情報ライブラリへ移動
Showing 1-15 of 81 results

Frequently Asked Questions on Prighter UK-Rep

Does our company need an Art. 27 UK GDPR representative in the UK?

Is GDPR still applicable in the UK after Brexit?

Since GDPR is an EU regulation, it will generally no longer be applicable in the UK after Brexit. However, the UK government has incorporated GDPR into UK data protection law. So, from 1st January 2021 onwards, the UK version of GDPR, the “UK GDPR”, will be effective and companies will have to comply with it. Most requirements remain the same as in the EU GDPR, so companies that are already compliant with the EU GDPR will not have to make major amendments to comply with the UK GDPR. However, doing transborder business might lead to additional requirements such as appointing a UK representative or ensuring compliance regarding international data transfers to and from the UK.

Which companies need a UK representative after Brexit?

The UK government have stated that from 1st January 2021 onwards, companies who are located outside of the UK, whether in the EU or in a third country, and have no offices, branches, or other establishments in the UK, will have to appoint a UK representative, if they are processing personal data of individuals in the UK that relates to either:

  • offering goods or services to individuals in the UK; or
  • monitoring the behaviour of individuals in the UK.

Resources: ICO FAQs UK representatives

Does our company offer goods or services to individuals in the UK?

The EDPB has published guidelines on the territorial scope of the GDPR and appointing a representative (Guideline 3/2018). Even though these guidelines will not be directly relevant to the UK law anymore, the ICO stated that they still provide helpful guidance when dealing with specific issues. Hence, when determining the territorial scope of the GDPR the EDPB guidelines can help, as long as the UK government does not adopt new regulations concerning this topic. According to these guidelines, different factors are considered when determining if a company is offering their goods or services to individuals in the EU. Some factors to be considered, adjusted to a UK-only application, would be:

  • using language that is used in the UK and offering the UK currency GBP;
  • using ads to address UK individuals or other marketing tools directed towards UK customers;
  • mentioning addresses or phone numbers to be reached from the UK;
  • use of UK top-level domains;
  • offering delivery of goods to the UK.

Does our company monitor the behaviour of individuals in the UK?

Again, the guidelines of the EDPB can help to assess whether a company is monitoring the behaviour of UK individuals, as long as the UK government does not adopt new regulations (Guideline 3/2018). According to the EDPB guidelines, monitoring can take place both on the internet and through wearables and other smart devices. Some examples of monitoring activities would be:

  • behavioural advertisement
  • geo-localisation activities
  • online tracking by using cookies or other tracking technologies
  • market surveys and other behavioural studies based on individual profiles
  • CCTV

Are there any exemptions from this obligation?

If you are a public authority, there is no need for you to appoint a representative. Also, if your company fulfils all of the following criteria, there is no obligation to appoint a UK representative:

  • You are processing personal data only on an occasional basis; and
  • the data processing is of low risk to the data protection rights of the data subjects; and
  • there is no great extent of processing special categories of data or data concerning criminal offences.

Generally speaking, it is hard for companies to fulfil all criteria mentioned above which is why they are hardly ever able to take advantage of this exemption.

Resources: ICO FAQs UK representatives

What are the consequences in cases of non-compliance?

If your company is obligated to appoint a representative but fails to do so, fines of up to GBP 8.7 million or 2% of your annual global turnover (whichever is higher) can be issued.

What should I look for in a UK privacy representative? And what is Prighter’s approach?

What are the requirements of a UK privacy representative and how does Prighter meet these requirements?

Since your UK privacy representative should be able to represent you regarding your legal obligations under the UK GDPR, make sure the representative is not a PO tbox but a qualified privacy professional located in the UK. The representative should be appointed in writing and will act on your behalf regarding your compliance with UK GDPR, as well as functioning as a local contact point for UK data subjects and the UK supervisory authority, ICO.

How does Prighter match these requirements?

  • The UK privacy representation is provided by Prighter Ltd, a UK company which is part of Prighter Group powered by Maetzler Rechtsanwalts GmbH & Co KG;
  • With Prighter Ltd, trained lawyers and privacy professionals are available to support you in all UK related privacy matters and even beyond; and
  • A written appointment is part of the onboarding flow. Clients can sign a Power of Attorney directly online in an end-to-end digital process.

Resources: ICO FAQs UK representatives

What is Prighter's approach to EU GDPR representation?

Our goal is to enable companies without a subsidiary, branch or other establishment in the UK to comply with the UK privacy framework through a combination of legal expertise and technology to deliver this expertise. We put the practical insights we gain as a law firm (due to our role as the appointed Data Protection Officer for major banks, financial service providers, tech companies) into the development of our tools for handling Data Subject Requests (DSR) and data breaches, and for the management of records of processing activities. We support you in all privacy related matters, but above all we help your business to grow by enabling you to improve customer trust by handling privacy matters in an efficient and professional way.

What do I get by appointing Prighter as my UK Privacy Representative?

The core of our service is representation according to Art. 27 UK-GDPR. Around this requirement we have built features, services, and tools which enable you to leverage your compliance in order to increase efficiency and gain trust with your customers and partners. For more information about the services offered visit “UK-Rep Services”:

  • UK Representation:

By subscribing to the UK Privacy Representation Program, you appoint us as your certified UK Privacy Representative. Our highly professional team of lawyers and privacy professionals will give you the support you need to deal with requests from data subjects and data protection supervisory authorities.

  • Gain Trust:

We provide you with a Compliance Landing Page that you can customise for your brand and to include privacy and security related certificates as well as your privacy and cookie policies. This is your window to the world of privacy-related matters which helps you increase customer trust and confidence by demonstrating your privacy regulations readiness. The Compliance Landing Page also serves as an access point for privacy related requests which you can then easily manage with your GDPR Privacy Software tools.

  • Privacy Software Tools:

For any data subject requests (DSRs) from existing or potential clients we have built a tool to manage the lifecycle of such privacy requests. This saves you time, internal resources, and money, and reduces your compliance risk substantially. Furthermore, all standard requests from the ICO are covered (e.g. requests to submit records of processing activities).

How does Prighter handle requests from data subjects and the ICO?

This is where our innovation comes into play. We built the Data Subject Request (DSR) management tool to channel, structure, and filter all incoming privacy requests from clients and authorities. You can handle requests from millions of data subjects in one tool with the help of our proprietary AI technology. We cover and support all aspects of the formal handling of DSRs including the communication with data subjects. What actually needs to be done in your database (e. g. delete a data subject), is always your own decision. The DSR tool is designed to manage the lifecycle of a data subject request to get all formal aspects right and offer you a framework of advice.

Visit Prighter DSR

How do the requirements for the different types of representation relate to each other?

Do UK companies need an Art. 27 GDPR representative in the EU?

Generally, companies which have no offices, branches or other establishments in the EU/EEA need an Art 27 EU GDPR representative if they are:

  • offering goods or services to individuals in the EU/EEA; or
  • monitoring the behaviour of individuals in the EU/EEA.

After Brexit, the UK is no longer a Member State of the EU and consequently an establishment in the UK does not count as an EU/EEA establishment anymore, therefore this general rule will oblige UK companies, who fulfil the above criteria, to appoint an Art. 27 GDPR representative. So, if you are an UK company that reaches out to the EU/EEA market without having an establishment within the EU/EEA, you will be required to appoint an Art. 27 representative.

Are there any exemptions from this obligation?

If you are a public authority, you do not need to appoint a representative. Also, if you meet all the following criteria you are exempted from this obligation:

  • You are processing personal data only on an occasional basis; and
  • the processing is of low risk to the rights of the data subjects; AND
  • the processing does not involve large-scale usage of special categories of data or criminal offence data.

For any further questions concerning the appointment of an Art. 27 GDPR representative please see our Art. 27 EU GDPR FAQ.

Do companies that are based outside the UK and the EU/EEA need two representatives now?

Companies which are established outside the UK and the EU/EEA and neither have an establishment within the UK nor the EU/EEA but are

  • offering goods or services to individuals in the EU/EEA; or
  • monitoring the behaviour of individuals in the EU/EEA.

will have to appoint two representatives, in both the EU and the UK, in order to comply with EU regulations on one hand, and UK regulations on the other.

Since Prighter has offices in the EU as well as in the UK, we are able to offer you EU representation as well as UK representation.

How can our company appoint Prighter as our UK privacy representative?

What is the process of appointing Prighter as our UK privacy representative?

The onboarding process is simple and can be completed in a couple of minutes, but the best part is: We grant your company a risk-free 14 day trial to make the appointment completely risk-free.

Choose a plan. The available plans depend on your company's size. The size of the company is defined according to the Eurostat categories and thereforeby the number of persons employed. 'Employees' includes part-timeworkers and freelancers.

Enter your company's details. Your risk-free 14 day trial period starts when you complete this step.

After registering, you will find a download button for the Power of Attorney (PoA). A signed PoA is required as evidence of the appointment of Prighter as your representative in case of requests by supervisory authorities. We kindly ask you to sign and upload your PoA.

Our team will check and verify the provided information on your company and the PoA. This is usually done within a couple of hours.

After the PoA has been approved, your company has successfully appointed Prighter as it's UK privacy representative. You can log in to your client area where you can find templates and information on what you can include in your homepage and privacy policy.

Are we required to notify the ICO of our appointment of Prighter?

Contrary to the appointment of a DPO, you don't need to notify the ICO of the representation. In the event that the ICO has an inquiry about a company, they take the necessary information from the company's privacy policy.

Please note that contrary to UK privacy representation, a NIS representation needs to be notified to the ICO.

We are a group of companies. Do you offer special options for groups?

Every separate entity requires representation according to Art 27 UK GDPR. Nevertheless, Prighter offers your group the option to sign up for a group package to manage the representation of your affiliates through one main account, with sub-accounts for every affiliate. You will be required to internally select a centralised point of data protection management for the group to handle both the main account and the sub-accounts with one centralised login. The number of affiliates covered depends on the package you signed up for. The "small enterprise" package includes two affiliates, the "medium enterprise" package includes up to 5 affiliates, and the "large enterprise' package includes an unlimited number of affiliates. All included group entities must operate in the same industry, offer the same range of products, and have the same or a linked brand.

What does the service cost and what are the payment options?

Subscription pricing is based on your company size according to official Eurostat categories and the number of entities to be covered, starting from €19 per month. We offer a 14-day trial period on all subscriptions so that you can get to know our service without any risk. All of our pricing is transparent and there are no hidden costs as we do not charge per request from data subjects. You can choose between monthly, quarterly, or yearly payments. Your company gets a discount for quarterly payments and an even higher discount for the yearly payments option.

Furthermore, you can choose between paying with credit card, or via bank transfer. We accept almost all credit cards. Bank transfers are acceptable in EUR, USD and GBP for annual payments. Please contact our support team should you have any further questions!