Will we need an EU Representative after Brexit?

Because of Brexit, UK companies that do business in the EU but don’t have an EU presence need to appoint a representative there.

To help, ActiveMind Legal, who specialise in international data protection, have worked with us to pull together a Q&A to identify if you need an EU rep, and if you do, who they should be…

1. Who needs an EU representative?

Any business that doesn’t maintain an establishment in the EU but does target individuals in the EU.

a. What’s an establishment?

Some form of activity through a stable arrangement, such as a fixed place of business, an office, branch, or factory. Just having an employee or contractor based in an EU country is not enough.

b. What does targeting mean?

It means offering goods or services to people whose data you hold and process, including via a website. It also means monitoring people’s behaviour in the EU, e.g. through the use of analytics and other tools. Certain factors will be looked at to determine whether you are targeting persons in the EU, e.g. via use of local language, providing an option to pay in Euros, making references to EU specific clientele, etc. A Chinese company’s website doing business in Asia that is accessible in the EU, would not be considered targeting, but if it then offered its products/services on the website in German and included a German company as a reference client, then that would be considered to be targeting. Also, if you monitor behaviour of people in the EU by, for example, doing behavioural advertising, carrying out geo-localisation/ geo-marketing activities, online tracking, etc you’ll be deemed to be targeting. Even if you are a provider of these services/products and do so free of charge, for example offering a free app on the EU market that contains geolocalistion technology and is in German would be considered targeting.

c. Are there exceptions?

Only if your data processing activities meet all of the conditions below:

They are done only very rarely or as a one -off. AND
They do not include any special categories of personal data (i.e. relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation) on a large scale. AND
They are unlikely to result in privacy intrusions. Examples of privacy intrusions include processing activities that give rise to discrimination, identity theft or financial loss, or where the special categories of data are being processed.

2. Who can you appoint as an EU representative?

It can be an individual or an organisation in the EU, such as a law firm or specialist data consultancy, that has an office in one of the EU countries where the data subjects that you are targeting are located. The representative needs to be authorised in writing to act on your company’s behalf for GDPR compliance and to deal with any supervisory authority or data subject for this purpose. You must also clearly disclose who the representative is, for example in the privacy policy on your website and in your internal privacy notices.

The EU rep’s tasks are to:

be the contact person for your customers in all applicable EU countries for all issues related to the GDPR
maintain records of your processing activities and other relevant data protection documentation; and
legally represent your business with the EU data protection supervisory authorities.

So, you’ll need to do your due diligence to check that whoever you appoint is right for the job.

Please note that the appointment of an EU rep does not change your company’s responsibilities for compliance or liability for non-compliance under the GDPR.

3. Can our DPO act as our EU Rep?

Unfortunately, no – your DPO cannot do both. Even if you have an external DPO in an EU country, the data protection authorities say there would be a conflict of interest if the same person was fulfilling both roles.

4. How can we start planning?

The transition period is a good time to prepare. Here is a checklist to help you get started:

Do you have an EU office, branch or other establishment? (if so, you will not need to appoint)
Are you processing personal data of individuals in the EU that relates to:
- offering goods or services, and/or
- monitoring their behaviour?

(if yes to either you will need to appoint)

Can you rely on the exception above for all EU sales activities? (if yes, you will not need to appoint)
Have you chosen an EU representative that is based in one of the countries where your data subjects are?
Have you put in place an appropriate written mandate for that representative to act on your behalf?
Have you updated your privacy policy/notices to provide information about the representative to data subjects and data protection authorities?
Does your EU representative maintain the required documentation (particularly the records of processing activities)?

If you need help identifying if your business needs an EU Rep or in appointing one, we can help. Get in touch on info@legaledge.co.uk

What do our clients think?

Having an experienced lawyer as your single point of contact to manage legal matters effectively whilst providing pragmatic solutions is exactly what you get from LegalEdge
Legal & Compliance Officer - Distributed
LegalEdge’s practical approach to our day-to-day legal requirements has been second to none. I highly recommend their commercial contract support – it’s a game changer.
COO/CFO - Fluent Commerce
We’re very pleased with the work LegalEdge are doing for us. We’re getting quick and decisive responses that are really helping us move forward.
FINANCE & OPERATIONS DIRECTOR - DEPOP
Our original MSA was very one-sided and not favourable to us, with LegalEdge’s help getting this agreement in place we have significantly reduced the risk to the agency.
Operations Director – Contracts and Commercial, - The Social Element
LegalEdge has provided unparalleled legal support to our EMEA business as our in-house lawyers to help us negotiate our software license contracts successfully and quickly.
VP & GM EMEA - Wherescape
The Intellectual Property audit provided by LegalEdge was extremely thorough. Securing our IP is enabling us to scale confident that our brand is protected under the law.
Founder - Arishi
It’s not an understatement that the new contracts gave us a lot of confidence in negotiating. It sets the right tone with our clients that we know what we are doing.
Operations Director - OneSixOne
I don’t always need the technicalities of a matter; LegalEdge provide pragmatic solutions that help us to close the deal.
Co-founder - Lexonis
LegalEdge has provided excellent, commercially focused advice as part of our in-house legal team that has helped us close contracts with our customers and partners.
CEO - Diona
The fact that all their lawyers have worked inside businesses means they are commercial, pragmatic and know exactly how to prioritise what’s important.
COO - Squirro
Having made the decision to outsource our legal work, we have been extremely impressed by how quickly LegalEdge have quickly understood our business.
Commercial Director - The Social Element
LegalEdge understood our needs more than any traditional law firm had before: we were able to dip in and dip out of their services, they acted like a general counsel for us.
Co-Founder - Young Foodies
LegalEdge are awesome at taking complex ideas and turning them into simple contracts whilst streamlining processes to make it easy to do business.
Founder - Lola Tech, a DataArt company
The LegalEdge team just intuitively understood our business and needs, picked up the matters that needed dealing with, and ran with them.
General counsel - The Engine Group
Working with a professional squad like LegalEdge on the legal stuff means, as CFOs, we can focus on what we’re good at – the numbers!
Founder - Emergeone
LegalEdge were brilliant from start to finish in helping us to develop a proper brand strategy and implementing it.
CEO - Placemake.io
LegalEdge have been fantastic advisers to our business. Between shareholder agreements & fundraise, Trademark & IP, and commercial agreements, we deeply value their guidance.
Co-Founder - Days Brewing
Having worked closely with LegalEdge I have no hesitation in recommending them to any business requiring smart, articulate and professional legal counsel.
Founder - Low Carbon Group
Working with LegalEdge has been a breath of fresh air! They have provided a unique, entrepreneurial approach to legal services within a rapidly growing organisation.
COO and Co-Founder - hybris GmbH (now a SAP company)
The support we have received has been first class – from day one. LegalEdge have gone above and beyond to truly understand our business.
Director EMEA Operations - Stella & Dot
The ideal solution for the busy in-house counsel who is unable to add a permanent head as you have the ability to flex support without the need to rely on expensive law firms.
Vice President and EMEA Managing Counsel - World-Check [now Thomson Reuters]
LegalEdge’s experience has proven invaluable as they have picked up, negotiated and completed contracts with commercial aptitude.
Group Counsel - Funding Circle
What sets LegalEdge apart is that they focus on problem solving and keeping issues in perspective. They know and understand our business and the array of legal issues we face.
Partner - Portal Tech Reply
As our trusted go to lawyers for complex contract queries and negotiations, LegalEdge know how to focus on the things that matter and to get deals done.
Commercial Director - Connect Managed
The Oxial team was very impressed with the quality of the contracts that the LegalEdge team produced for our business and with their responsive and collaborative approach.
COO - Hammer Team & Oxial

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_32854648_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

By LegalEdge News Apr 07, 2020

Will we need an EU Representative after Brexit?

What do our clients think?

Contact

Navigate Site

Stay In Touch