What is the difference between an EU representative and a UK representative?
The UK has adopted its own form of the GDPR which will apply after Brexit, and it’s called the UK GDPR, and at present is very similar to the EU’s original GDPR. Of course the UK has been observing the GDPR since it came in, and therefore the UK’s GDPR has its own Article 27 of the UK GDPR which requires non UK based businesses to appoint a representative in the UK, if the business doesn’t have an establishment in the UK, and it’s holding data on behalf of people who are in the UK. So, after Brexit a non UK business will have to appoint a UK representative in the same way that a non EU based business, dealing with people in the EU and holding data on behalf of people in the EU will need to do so currently. Potentially a business located outside of both the EU and the UK, for example in North America or anywhere else internationally outside of the two jurisdictions could possibly, if they are dealing with data subjects who are located in the EU and the UK, be required to appoint two different representatives, one based in the UK to represent UK data subjects and one based in the EU to represent EU data subjects, as things currently stand. Obviously after the UK leaves the EU, it may change its rules around data protection and there is some uncertainty around that, but at present, that is how things stand.