Skip to content
Placeholder image

YourTrustedUKGDPRRepresentative  

Do you market goods or services to individuals in the UK? Do you monitor the behaviour of people in the UK without having a UK presence? If so, you're required to appoint a UK GDPR representative. Build trust and grow your brand in the UK with our local experts and powerful SaaS compliance solutions.

Get Started Contact Us

Trusted by Customers all over the World

Do You Need a UK Representative?

Explore our FAQs to understand more about the requirement to appoint a UK GDPR Representative — and what to look for when appointing one.

Why Do You Need a UK GDPR Representative?

If your business markets to people in the UK or tracks what they do online, but you do not have an office or other form of establishment in the UK then you're legally required to have a representative in the UK under Article 27 UK GDPR.

The representative acts as your point of contact for any local data protection issues, supporting your business to achieve compliance with UK data protection laws. The representative’s role is to make it easier for UK individuals and authorities to communicate with you on data protection matters, creating a strong and reliable brand image with your UK stakeholders. Non-compliance with the UK GDPR can be costly. Failing to appoint a UK representative may lead to fines of up to £8.7 million or 2% of your total worldwide annual turnover — whichever is higher. As the representative is a public appointment it’s easy for the Information Commissioner’s Office to check whether a business has complied. 

Pricing Learn More

Leading with Compliance

Appoint a UK GDPR representative that embodies privacy by design. Prighter simplifies compliance without compromising on quality, allowing you to meet your obligations under Article 27 UK GDPR with confidence and showcase your commitment to protecting people’s data.

Featured image

Trusted Local Expertise

We take our role as your representative seriously. Prighter’s dedicated team of UK experts understand the regulatory landscape and your specific needs. Our team ensures smooth communication, fast response times, and reliable guidance to keep you compliant.

Compliance Simplified — From Day One

Everything we do is designed to make your life easier. From our simple onboarding processes, to ready-made privacy policy wording, getting started with Prighter is quick and easy. But we don’t stop there. Our packages include helpful privacy documentation templates and even a software solution helping you to manage data subject requests. Navigating the UK GDPR is straightforward with Prighter by your side.

Stay Connected, Stay Focused

Prighter helps you connect with the UK market while staying focused on your business. As your first point of contact for UK GDPR matters, we act as your local ambassador; handling enquiries and communicating on your behalf with data subjects, B2B customers, and the UK Information Commissioner’s Office.

Featured image

Interaction with the ICO

Prighter is your trusted contact for the Information Commissioner’s Office (the UK data protection authority), keeping communication secure and professional. Our expert team, supported by a smart case management system, handles key situations like regulatory investigations and data breach notifications meaning help is at hand when you need it most.

Dealing with Data Subjects

To help you handle data protection related requests from individuals, Prighter dveeloped it’s our own Privacy Rights Manager. This handy SaaS solution lets you channel, sort, and manage requests with ease and is included with our UK representation subscription. It’s all about staying on top of things and showing you’re in control.

Smart Communication

Prighter’s experts blend legal know-how with real-world experience to simplify your UK stakeholder communications. Our Authority Case Management tracks authority interactions with ease, while our Privacy Rights Manager means your team stays in control of data subject requests. Take advantage of scalable, compliant software that reduces your compliance burden.

Unlock Compliance Value

GDPR compliance has become an operational standard and a mark of trustworthiness, helping to strengthen brand reputation and support business growth.

Featured image

Serious About Privacy

We’ll help show that you’re serious about privacy; drop our rep text into your privacy policy, download our Rep Certificate, put our Compliance Badge on your website and use the Trust Center as your compliance shop window.

Trust Center

Every rep subscription comes with your own customizable Trust Center; showcase your brand, display accreditations, verify your rep appointment in real-time, and power your privacy communications from one central hub

Improve Efficiency

Enhance your operations with a dynamic compliance SaaS platform that streamlines workflows, minimizes manual tasks, and keeps you in step with regulations. Manage data subject requests, engage with authorities, and simplify compliance processes with intelligent, scalable tools, freeing you to focus on your core priorities

Unlock Even More

Our representation services and SaaS solutions are supported by a team of industry leading experts. Along with our partners, we’re there to assist your on-going data protection programs.

Featured image

Expert-Led Service

Our expert team blends legal expertise with real-world compliance know-how. From sharp legal minds to tech-smart specialists, we’ve got the skills to navigate complex regulations with clarity and confidence. Get practical, reliable support tailored to your business goals.

A Shared Approach

Stay ahead with expert updates on the latest in regulation, case law, and authority guidance. From GDPR to AI and Digital Governance, we track what matters so you’re informed and ready to address upcoming regulatory challenges.
UK GDPR Representation icon

UK GDPR Representation

Combine additional Representative services to receive discounts of up to 40%

Select your Size:

Add complementary products:

Privacy Representation

3 products

Digital Governance

3 products

Privacy Software

2 products

€170/month
Billed Annually €2,040
Save €228 /year

Price breakdown:

UK GDPR Representation€170/month

Core Features

Representative for the UK
Qualified local team
Privacy Policy Wording on the Representation
Assisting and Maintaining the Records of Processing Activities(basic)

Marketing Features

Compliance Batch for your website
Dedicated Trust Center
Compliance certificate

Authority Features

Point of contact for the ICO
Unlimited Authority Requests
Authority Case Manager(basic)
Data Breach Notification(basic)

Data Subject Features

Addressee for UK data subjects
Unlimited Data Subject Requests
Privacy Rights Manager (PRM)(UK PRM)

Processor Features

Addressee for UK B2B clients (relevant for processors)
Data Processing Agreement(basic)
International Data Transfer(basic)

Knowledge

Knowledgehub Access
Regulatory Monitoring
GDPR Training

Subscription

Entities and Brands Covered(5)
Digital Governance management suite(5 seats)
Support Level(basic)

How It works

What Our Customers Say

We partner with organisations all around the world to ensure robust compliance. Here's what some of our valued customers have to say about their Prighter experience.

Joannah Bodden Small

Prighter has provided the answer we were looking for in terms of EU and UK GDPR representation. Their team has given excellent assistance on a range of issues, not to mention being incredibly responsive and understanding of our needs as a start-up developing a mobile app. Their commitment to continual evolution is commendable in this complex market and their industry updates and webinars are always engaging and useful. Prighter gives us peace of mind and saves us time and we couldn’t be happier with this reliable partnership.

Joannah Bodden Small
Founder and CEO at Caraleya

Resource Center

Our Resource Centre is designed to help businesses around the world to understand and navigate international privacy, AI, and digital governance compliance. Whether you're new to compliance, or you're an experienced privacy professional, you'll find helpful tips, fresh insights, and practical resources to help you level-up your approach to compliance.

Visit the full Resource Center
Showing 1-15 of 80 results
Auto-generated banner for NIS 2 Self Assessment
Self Assessment
NIS 2

NIS 2 Self Assessment

Take our self assessment today to check your status under the NIS 2!

Andreas Maetzler's profile pictureKatharina Jokic's profile picture
By Andreas Maetzler, Katharina Jokic
Auto-generated banner for What Does the European Commission’s GDPR Reform in 2025 Mean for Your Business?
Article
EU GDPR

What Does the European Commission’s GDPR Reform in 2025 Mean for Your Business?

For businesses operating across the EU — and those from outside who target the EU market — the package carries strategic significance for how data protection compliance is approached. This article explores what this means for you.

Auto-generated banner for Global Privacy and AI Journey: Korea, China, India & EU
Webinar
Chinese PIPLEU GDPRKorean PIPAAI Act

Global Privacy and AI Journey: Korea, China, India & EU

Learn about the new global challenges for privacy and how data protection interrelates with AI governance.

Auto-generated banner for Enforcement of the Digital Services Act is Coming. What Does It Mean for You?
Article
DSA

Enforcement of the Digital Services Act is Coming. What Does It Mean for You?

The EU is ramping up DSA enforcement, especially for VLOPs like X. With the 16 April 2025 reporting deadline ahead, businesses should act now to ensure compliance.

Andreas Maetzler's profile picture
By Andreas Maetzler
Auto-generated banner for NIS 2 Directive is Applicable as of Today: Time to Comply!
News
NIS 2

NIS 2 Directive is Applicable as of Today: Time to Comply!

As of today, 18 October 2024, the EU’s NIS2 Directive is officially applicable, marking a new era in cybersecurity for essential services across Europe.

Elif Merve Demir's profile picture
By Elif Merve Demir
News
Cyber Resilience ActCybersecurity Act

UK's Cyber Security Laws Set for update in 2025: What's Coming Next?

The UK plans to introduce the Cyber Security and Resilience Bill in 2025 to boost cyber defences and protect vital public services from growing digital threats.

Charlotte Mason's profile picture
By Charlotte Mason
News
EU GDPR

GDPR in Practice: Key Insights and Recommendations from the FRA's Latest Report

The European Union Agency for Fundamental Rights (FRA) recently published a comprehensive report on GDPR implementation, highlighting areas for improvement.

News
AI Act

The European Commission Established an AI Office to Advance EU Leadership in Reliable and Safe AI

Today, the establishment of the AI Office was announced by the European Commission. It was developed to reduce risks, maximize societal and economic benefits, and improve AI development, deployment, and use.

News
AI Act

European Council Officially Approves First-Ever Global AI Regulations

The AI Act will be officially published soon and will take effect two years after its publication. This timeframe is important for businesses to build full compliance with the new regulations.

Auto-generated banner for New Consent Requirement for Swiss Traffic: Google's Policy Expansion
News

New Consent Requirement for Swiss Traffic: Google's Policy Expansion

Starting July 31, 2024, Google is expanding its EU User Consent Policy to encompass users in Switzerland.

News

EU-Japan Agreement: Council Approves Data Flow Facilitation Protocol

The Council of EU has officially approved a protocol aimed at facilitating the flow of data between the EU and Japan. This protocol represents a step forward in securing closer economic ties and collaboration between these two regions.

News

Navigating Data Privacy: 'Consent or Pay' Models and the Path Forward

The recent Court of Justice of the European Union (CJEU) ruling on Meta's data processing practices has sparked uncertainty among many companies.

News
EU GDPR

GDPR Compliance in AI: Essential Tips from CNIL's Latest Guidance

The French Data Protection Authority (CNIL) released a set of recommendations which provide both legal and technical explanations between the GDPR and AI to ensure the protection of personal data while developing AI systems.

News

Landmark US Privacy Bill Unveiled: A Leap Forward for Digital Privacy Rights

Last week, two influential members of the U.S. Congress unveiled a draft bipartisan, bicameral federal privacy bill, in a crucial step forward for safeguarding individuals' privacy rights in the digital era.

Auto-generated banner for Data Breach Notifications Across Europe: EDPB's list published!
News

Data Breach Notifications Across Europe: EDPB's list published!

This significant update nearly went unnoticed as all attention was focused on the final text of the AI Act. The EDPB finally published the list detailing the notification processes of all relevant EEA data protection authorities (DPAs).

Frequently Asked Questions on Prighter UK-Rep

Does our company need an Art. 27 UK GDPR representative in the UK?

Is GDPR still applicable in the UK after Brexit?

Since GDPR is an EU regulation, it will generally no longer be applicable in the UK after Brexit. However, the UK government has incorporated GDPR into UK data protection law. So, from 1st January 2021 onwards, the UK version of GDPR, the “UK GDPR”, will be effective and companies will have to comply with it. Most requirements remain the same as in the EU GDPR, so companies that are already compliant with the EU GDPR will not have to make major amendments to comply with the UK GDPR. However, doing transborder business might lead to additional requirements such as appointing a UK representative or ensuring compliance regarding international data transfers to and from the UK.

Which companies need a UK representative after Brexit?

The UK government have stated that from 1st January 2021 onwards, companies who are located outside of the UK, whether in the EU or in a third country, and have no offices, branches, or other establishments in the UK, will have to appoint a UK representative, if they are processing personal data of individuals in the UK that relates to either:

  • offering goods or services to individuals in the UK; or
  • monitoring the behaviour of individuals in the UK.

Resources: ICO FAQs UK representatives

Does our company offer goods or services to individuals in the UK?

The EDPB has published guidelines on the territorial scope of the GDPR and appointing a representative (Guideline 3/2018). Even though these guidelines will not be directly relevant to the UK law anymore, the ICO stated that they still provide helpful guidance when dealing with specific issues. Hence, when determining the territorial scope of the GDPR the EDPB guidelines can help, as long as the UK government does not adopt new regulations concerning this topic. According to these guidelines, different factors are considered when determining if a company is offering their goods or services to individuals in the EU. Some factors to be considered, adjusted to a UK-only application, would be:

  • using language that is used in the UK and offering the UK currency GBP;
  • using ads to address UK individuals or other marketing tools directed towards UK customers;
  • mentioning addresses or phone numbers to be reached from the UK;
  • use of UK top-level domains;
  • offering delivery of goods to the UK.

Does our company monitor the behaviour of individuals in the UK?

Again, the guidelines of the EDPB can help to assess whether a company is monitoring the behaviour of UK individuals, as long as the UK government does not adopt new regulations (Guideline 3/2018). According to the EDPB guidelines, monitoring can take place both on the internet and through wearables and other smart devices. Some examples of monitoring activities would be:

  • behavioural advertisement
  • geo-localisation activities
  • online tracking by using cookies or other tracking technologies
  • market surveys and other behavioural studies based on individual profiles
  • CCTV

Are there any exemptions from this obligation?

If you are a public authority, there is no need for you to appoint a representative. Also, if your company fulfils all of the following criteria, there is no obligation to appoint a UK representative:

  • You are processing personal data only on an occasional basis; and
  • the data processing is of low risk to the data protection rights of the data subjects; and
  • there is no great extent of processing special categories of data or data concerning criminal offences.

Generally speaking, it is hard for companies to fulfil all criteria mentioned above which is why they are hardly ever able to take advantage of this exemption.

Resources: ICO FAQs UK representatives

What are the consequences in cases of non-compliance?

If your company is obligated to appoint a representative but fails to do so, fines of up to GBP 8.7 million or 2% of your annual global turnover (whichever is higher) can be issued.

What should I look for in a UK privacy representative? And what is Prighter’s approach?

What are the requirements of a UK privacy representative and how does Prighter meet these requirements?

Since your UK privacy representative should be able to represent you regarding your legal obligations under the UK GDPR, make sure the representative is not a PO tbox but a qualified privacy professional located in the UK. The representative should be appointed in writing and will act on your behalf regarding your compliance with UK GDPR, as well as functioning as a local contact point for UK data subjects and the UK supervisory authority, ICO.

How does Prighter match these requirements?

  • The UK privacy representation is provided by Prighter Ltd, a UK company which is part of Prighter Group powered by Maetzler Rechtsanwalts GmbH & Co KG;
  • With Prighter Ltd, trained lawyers and privacy professionals are available to support you in all UK related privacy matters and even beyond; and
  • A written appointment is part of the onboarding flow. Clients can sign a Power of Attorney directly online in an end-to-end digital process.

Resources: ICO FAQs UK representatives

What is Prighter's approach to EU GDPR representation?

Our goal is to enable companies without a subsidiary, branch or other establishment in the UK to comply with the UK privacy framework through a combination of legal expertise and technology to deliver this expertise. We put the practical insights we gain as a law firm (due to our role as the appointed Data Protection Officer for major banks, financial service providers, tech companies) into the development of our tools for handling Data Subject Requests (DSR) and data breaches, and for the management of records of processing activities. We support you in all privacy related matters, but above all we help your business to grow by enabling you to improve customer trust by handling privacy matters in an efficient and professional way.

What do I get by appointing Prighter as my UK Privacy Representative?

The core of our service is representation according to Art. 27 UK-GDPR. Around this requirement we have built features, services, and tools which enable you to leverage your compliance in order to increase efficiency and gain trust with your customers and partners. For more information about the services offered visit “UK-Rep Services”:

  • UK Representation:

By subscribing to the UK Privacy Representation Program, you appoint us as your certified UK Privacy Representative. Our highly professional team of lawyers and privacy professionals will give you the support you need to deal with requests from data subjects and data protection supervisory authorities.

  • Gain Trust:

We provide you with a Compliance Landing Page that you can customise for your brand and to include privacy and security related certificates as well as your privacy and cookie policies. This is your window to the world of privacy-related matters which helps you increase customer trust and confidence by demonstrating your privacy regulations readiness. The Compliance Landing Page also serves as an access point for privacy related requests which you can then easily manage with your GDPR Privacy Software tools.

  • Privacy Software Tools:

For any data subject requests (DSRs) from existing or potential clients we have built a tool to manage the lifecycle of such privacy requests. This saves you time, internal resources, and money, and reduces your compliance risk substantially. Furthermore, all standard requests from the ICO are covered (e.g. requests to submit records of processing activities).

How does Prighter handle requests from data subjects and the ICO?

This is where our innovation comes into play. We built the Data Subject Request (DSR) management tool to channel, structure, and filter all incoming privacy requests from clients and authorities. You can handle requests from millions of data subjects in one tool with the help of our proprietary AI technology. We cover and support all aspects of the formal handling of DSRs including the communication with data subjects. What actually needs to be done in your database (e. g. delete a data subject), is always your own decision. The DSR tool is designed to manage the lifecycle of a data subject request to get all formal aspects right and offer you a framework of advice.

Visit Prighter DSR

How do the requirements for the different types of representation relate to each other?

Do UK companies need an Art. 27 GDPR representative in the EU?

Generally, companies which have no offices, branches or other establishments in the EU/EEA need an Art 27 EU GDPR representative if they are:

  • offering goods or services to individuals in the EU/EEA; or
  • monitoring the behaviour of individuals in the EU/EEA.

After Brexit, the UK is no longer a Member State of the EU and consequently an establishment in the UK does not count as an EU/EEA establishment anymore, therefore this general rule will oblige UK companies, who fulfil the above criteria, to appoint an Art. 27 GDPR representative. So, if you are an UK company that reaches out to the EU/EEA market without having an establishment within the EU/EEA, you will be required to appoint an Art. 27 representative.

Are there any exemptions from this obligation?

If you are a public authority, you do not need to appoint a representative. Also, if you meet all the following criteria you are exempted from this obligation:

  • You are processing personal data only on an occasional basis; and
  • the processing is of low risk to the rights of the data subjects; AND
  • the processing does not involve large-scale usage of special categories of data or criminal offence data.

For any further questions concerning the appointment of an Art. 27 GDPR representative please see our Art. 27 EU GDPR FAQ.

Do companies that are based outside the UK and the EU/EEA need two representatives now?

Companies which are established outside the UK and the EU/EEA and neither have an establishment within the UK nor the EU/EEA but are

  • offering goods or services to individuals in the EU/EEA; or
  • monitoring the behaviour of individuals in the EU/EEA.

will have to appoint two representatives, in both the EU and the UK, in order to comply with EU regulations on one hand, and UK regulations on the other.

Since Prighter has offices in the EU as well as in the UK, we are able to offer you EU representation as well as UK representation.

How can our company appoint Prighter as our UK privacy representative?

What is the process of appointing Prighter as our UK privacy representative?

The onboarding process is simple and can be completed in a couple of minutes, but the best part is: We grant your company a risk-free 14 day trial to make the appointment completely risk-free.

Choose a plan. The available plans depend on your company's size. The size of the company is defined according to the Eurostat categories and thereforeby the number of persons employed. 'Employees' includes part-timeworkers and freelancers.

Enter your company's details. Your risk-free 14 day trial period starts when you complete this step.

After registering, you will find a download button for the Power of Attorney (PoA). A signed PoA is required as evidence of the appointment of Prighter as your representative in case of requests by supervisory authorities. We kindly ask you to sign and upload your PoA.

Our team will check and verify the provided information on your company and the PoA. This is usually done within a couple of hours.

After the PoA has been approved, your company has successfully appointed Prighter as it's UK privacy representative. You can log in to your client area where you can find templates and information on what you can include in your homepage and privacy policy.

Are we required to notify the ICO of our appointment of Prighter?

Contrary to the appointment of a DPO, you don't need to notify the ICO of the representation. In the event that the ICO has an inquiry about a company, they take the necessary information from the company's privacy policy.

Please note that contrary to UK privacy representation, a NIS representation needs to be notified to the ICO.

We are a group of companies. Do you offer special options for groups?

Every separate entity requires representation according to Art 27 UK GDPR. Nevertheless, Prighter offers your group the option to sign up for a group package to manage the representation of your affiliates through one main account, with sub-accounts for every affiliate. You will be required to internally select a centralised point of data protection management for the group to handle both the main account and the sub-accounts with one centralised login. The number of affiliates covered depends on the package you signed up for. The "small enterprise" package includes two affiliates, the "medium enterprise" package includes up to 5 affiliates, and the "large enterprise' package includes an unlimited number of affiliates. All included group entities must operate in the same industry, offer the same range of products, and have the same or a linked brand.

What does the service cost and what are the payment options?

Subscription pricing is based on your company size according to official Eurostat categories and the number of entities to be covered, starting from €19 per month. We offer a 14-day trial period on all subscriptions so that you can get to know our service without any risk. All of our pricing is transparent and there are no hidden costs as we do not charge per request from data subjects. You can choose between monthly, quarterly, or yearly payments. Your company gets a discount for quarterly payments and an even higher discount for the yearly payments option.

Furthermore, you can choose between paying with credit card, or via bank transfer. We accept almost all credit cards. Bank transfers are acceptable in EUR, USD and GBP for annual payments. Please contact our support team should you have any further questions!