UK Companies Processing Personal Data From The EU Must Be Established in the EU


Following the UK’s exit from the EU, we are facing the end of the transition period ending on 31 December 2020.

If you are based in the UK and do not have a branch or other establishment in any other EU state and are doing business with individuals in the EU, you still need to comply with the GDPR regarding processing of personal data.

When the transition period ends, the GDPR requires you to appoint a representative in the EU.

The representative needs to be based in the EU and be authorised to act on your behalf regarding your GDPR compliance, and to deal with any supervisory authorities or individuals.

You are required to inform the EU based individuals whose personal data you are processing about who is representing you.

If there is a security breach affecting UK and Danish individuals, it will be investigated by the Information Commissioner’s Office under UK law and the Danish DPA (Datatilsynet) under the GDPR.

Holst, Advokater acts as data protection representatives for non-EEA companies. Please contact Pernille Kristensen or Henrik Christian Strand if you need help regarding your obligations under the GDPR.