What do you need to consider when appointing an EU and/or a UK representative?

The primary thing to consider would be the body or organization that you’re appointing is a reputable one and clearly understands the role that they’re carrying out and have got the wherewithal to be able to do that for you.

The kind of things you would look to would be what level of knowledge or expertise they have in that area. Other important factors to consider – a responsible business in this area would be insured and carry the appropriate business liability insurance for the function they’re undertaking. Similarly, things like ISO 27 001 would be a very important factor to consider I think for any serious business looking at information security to see that the organization has that in place. And just to see what levels of communication and responsiveness can you see from the business, because that’s their primary function on your behalf. When you communicate with them, are you being responded to in the kind of way that you would like to see anybody who’s contacting your business in relation to GDPR compliance would receive a similar response.