Under the UK General Data Protection Regulation (UK GDPR), data controllers and processors based outside the UK that offer goods and services to, or monitor the behaviour of British residents must appoint a UK representative. The UK representative acts as a local contact for data subjects and the ICO in relation to all issues concerning processing of personal data.
So if you have clients and customers in the UK, and if you want to comply with the law, then there are some key steps you need to take:
- Appoint a Data Protection Representative in the UK
- Publicise your UK representative’s contact details for UK clients, customers and authorities regarding privacy matters
IOLIS will serve as your UK representative, in compliance with Article 27 of the UK GDPR.
- Act as a local point of contact for UK data subjects for all matters related to processing of their personal data
- Facilitate communications between your organisation and data subjects
- Facilitate communications between your organisation and the ICO
- Hold a record of your processing activities in accordance with Article 30 of the UK GDPR and make the record available to the ICO on request
- Co-operate with the ICO on your behalf where required