At the end of the Brexit transition period on 31 December 2020 (not the exit day on 31 January 2020), the UK leaving the EU will affect the Representative obligation for three types of organisations: 

  • UK-based companies selling to the EU, with no EU office

  • International companies selling to the EU, whose only EU office is in the UK

  • All companies (including those in the EU) selling to the UK with no UK office

Headspace - Mindfulness app (USA/UK)

Michael Marchand, Legal Affairs Director:

"DPR Group's 'No Brexit, No Fee' arrangement was very helpful in terms of enabling my organization to prepare for the different contingencies surrounding Brexit without having to commit upfront funds. DPR has been tremendous in helping our organization assess and implement tailored solutions with respect to our Article 27 needs. It is by far the most efficient and highest value GDPR Representative service vendor I have encountered. Wonderful customer service, responsiveness, and thoroughness. DPR has my highest recommendation."

Brexit and the Representative - what's happening?

The UK has voted to leave the European Union and this will occur on 31 January 2020, with a transition period expected until the end of 2020.

Firstly, it is important to understand that these changes will only occur after the end of the transition period on 31 December 2020; until that time, the EU will continue to apply GDPR as though the UK is an EU member state, so the EU Representative obligation is unchanged (companies with a UK establishment will not need an EU Representative), and the UK law requiring the appointment on a separate UK Representative will no become effective. Whilst some companies may seek to put in place a Representative to advance their Brexit preparation or simply offer better access to their data subjects, it is not a legal requirement until that time.

Overall, Brexit will have a huge effect on many businesses; not just in the UK and EU, but around the world. One of the effects relating to data protection and GDPR is that the position in respect of the Data Protection Representative obligation will be altered for many organisations. This includes the creation of the new UK Data Protection Representative role, a requirement for companies outside the UK selling into the UK. DPR Group can provide EU and UK Representative services, so please contact us to discuss your requirements.

We have prepared the table below summarising the effects, and more detail is provided below the table.


Please note, for the purposes of the table above: "EU" does not include the UK, and "rest of world" does not include UK or any EU country 

  • UK-based companies selling to the EU, with no EU office

Any company in the UK which processes personal data as a result of selling to the UK or wider EU will now be familiar with their obligations under GDPR. These obligations will continue under UK law, but for companies with no office in the EU there will be additional obligation under the extra-territorial scope of GDPR, as the UK will be treated as a 'third country' for its purposes; they need to appoint an EU Representative (see here for confirmation from the UK Information Commissioner's Office). If you are a UK-based company with no office in the remainder of the EU, please view our checklist here to confirm whether you will need an EU Representative from the end of the transition period on 31 December 2020 (when considering the questions, assume that your company is not established in the EU if its only EU office is in the UK).

  • International companies selling to the EU, whose only EU office is in the UK

Many global companies choose to base their only EU office in the UK. When the Brexit transition period ends, it will mean that company does not have an establishment in the EU for the purpose. If that company processes the personal data of individuals based in the remainder of the EU (i.e. if it has EU customers outside of the UK), it will then have the additional requirement under Article 27 of GDPR to appoint an EU Representative.

  • Companies (inside or outside the EU) selling to the UK with no UK office

As well as the obligation under GDPR, legislation has been passed by the UK Parliament which implements GDPR-equivalent obligations for companies processing UK personal data, and creates an obligation on non-UK companies to appoint a UK Data Protection Representative after 31 December 2020 (The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019). This is a new role, created as a result of Brexit, to give individuals in the UK roughly equivalent rights as those in the EU. Essentially, the UK Representative will undertake the same role for companies selling into the UK from outside that the EU Representative does for companies selling into the EU from outside.

Please note: For companies outside the EU which sell to the UK but no other EU countries, the obligation is effectively similar - their obligation has changed from appointing a Data Protection Representative in the EU to appointing one in the UK. If you have appointed a Representative other than DPR Group for this purpose, please check to make sure they have a UK establishment so their appointment remains compliant after Brexit - if not, we can assist, please contact us.

How can DPR Group help?

DPR Group offers a market-leading EU Representative service to our clients through our network of 28 contact locations. These locations include every EU member state and the UK, and we will be offering the UK Representative service included at no extra cost for our clients who appoint us to deliver (or are already protected by) our EU Representative service, and can provide:

  • Any appointment which is contingent on Brexit occurring can be made on a "No Brexit, No Fee" basis 

  • A UK-only Representative service for 20% less than our usual Representative appointment fees (and can be offered on the "No Brexit, No Fee" basis of appointment)

  • Please contact us to discuss either of the options above

  • UK-based companies selling to the EU, with no EU office

These companies, which previously had no Representative obligation under Article 27 of GDPR, will be able to appoint us as your EU Representative across the EU, and without any concerns about ease of contact from their EU customers, as we have a contact location in every EU member state. Companies based in the UK will effectively be in the same position as companies from other non-EU countries.

  • International companies selling to the EU, whose only EU office is in the UK

As with the UK-based companies, these companies previously had no Representative obligation under Article 27 of GDPR because of their UK (and thus EU) establishment. You will be able to appoint us as your EU Representative across the EU and take advantage of our network of contact locations across each EU member state. These companies position is altered to that of any other non-EU company selling into the EU.

  • EU companies selling to the UK with no UK office

Any company which sells into the UK, whether based within or outside the EU, will be required by UK law to appoint a UK Data Protection Representative. The good news for DPR Group's existing clients is that our existing service will cover them for this requirement - we have a contact location established in the UK and will be maintaining this location so we can offer the UK Data Protection Representative service at no extra cost with our wider EU Representative service.

For companies in the EU selling into the UK, which have not had a Representative requirement before under GDPR, we can offer a Representative package with access to our UK contact location only with an introductory 20% reduction on our usual EU-wide fees. On top of this, until 31 January 2020 we are we can offer a Brexit-conditional appointment; if the Brexit transition period has not concluded within 3 months of 31 December 2020, the contract will not commence and you will not be required to pay - please contact us to arrange a "No Brexit, No Fee" appointment.

  • Non-EU/UK companies selling to the UK only (with no UK office)

Companies which sell to the UK from outside the EU will already have an obligation under GDPR to appoint an EU Representative. After the UK leaves the EU, this position is altered so that their obligation will now be to appoint a UK Representative instead of an EU Representative. Please inquire with your existing Representative to ensure they have a UK establishment, as otherwise you will no longer be compliant with the Representative obligation.

Make sure your company remains compliant with EU and UK data protection law after Brexit - appoint DPR Group as your EU Representative or UK Representative.

"As a global insurance technology provider based in the US, India and UK, we are preparing for potential Brexit compliance changes in GDPR, and we will have a requirement for an EU GDPR Representative. We were impressed by DPR, their professionalism, knowledge, clear communication, geographical coverage and add-on services. They provided a competitive and tailored price, and a contract that meets our needs to address the Brexit uncertainty, with fees conditional on when – and if – the UK leaves the EU. "

OWIT Global - Insurance Technology (UK)

Julian James, Managing Director EMEA & Asia Pacific:


12 Northbrook Road,





©2019 BY DPR