Loading...

Frequently Asked Questions on the UK privacy law

Prighter UK Lock

Your guide for the UK Privacy Representation Program

Is GDPR still applicable in the UK after Brexit?

Since GDPR is an EU regulation, it will generally no longer be applicable in the UK after Brexit. However, the UK government has incorporated the GDPR into UK data protection law. So, from January 1st, 2021, onwards, the UK version of the GDPR, the “UK GDPR”, will be effective and companies will have to comply with it.

Most requirements remain the same as in the EU GDPR, so companies that already are compliant with the EU GDPR will not have to make major amendments to comply with the UK GDPR. However, doing transborder business might lead to additional requirements such as appointing a UK representative or ensuring compliance regarding international data transfers to and from the UK.

Which companies need a UK representative after Brexit?

The UK government already stated that from January 1st, 2021 onwards, companies who are located outside of the UK, whether in the EU or in a third country, and have no offices, branches, or other establishments in the UK, will have to appoint a UK representative, if they are processing personal data of individuals in the UK that relates to either:

  • offering goods or services to individuals in the UK; or

  • monitoring the behavior of individuals in the UK.

Resources: ICO FAQs UK representatives,

Does my company offer goods or services to individuals in the UK?

Does my company monitor the behavior of individuals in the UK?

Are there any exemptions from this obligation?

Where should my representative be located?

What are the requirements for a representative?

What are the consequences in cases of non-compliance?

Does Prighter offer UK-representation?

Do UK companies need an
Art 27 GDPR representative in the EU?

Which companies need an Art 27 GDPR representative?

Are there any exemptions from this obligation?

Double Representation

Do companies that are based outside the UK and the EU/EEA need two representatives now?

EU-UK Data transfer

What does “adequacy decision” mean?

What happens if there is no adequacy decision after the “bridging period”?

What about data transfers from the UK?