Skip to content

GDPR Representative / UK GDPR Article 27

Appoint a UK GDPR Representative

Organisations outside the UK may need a UK-established Representative when they offer goods or services to people in the UK or monitor their behaviour there and do not have a relevant UK establishment.

A UK contact point for individuals and the ICO, supported by a written mandate and practical escalation process.

Do you need a UK Representative?

The UK requirement is generally relevant where your organisation is based outside the UK, has no branch, office or other relevant establishment in the UK, and UK GDPR applies because you offer goods or services to people in the UK or monitor their behaviour in the UK.

The assessment should consider the processing connected with the UK activity. It should not be reduced to citizenship, a .uk domain, or whether a person in the UK can technically access a global website. Evidence of targeting and monitoring, group structure and the nature of the processing all matter.

UK Representative assessment questions
Assessment questionWhy it matters
Do you have a UK branch, office or other establishment?A relevant UK establishment may change the Article 27 analysis for processing connected with its activities.
Do you offer goods or services to individuals in the UK?The UK GDPR territorial test can apply whether or not payment is required.
Do you monitor behaviour taking place in the UK?Tracking or profiling connected with behaviour in the UK can bring the relevant processing into scope.
Does an exemption apply?Public bodies and qualifying occasional, low-risk processing may be excluded. The rationale should be documented.

What the UK Representative does

  • Acts under a written mandate for the processing within scope.
  • Provides a UK contact point for individuals and the Information Commissioner.
  • Receives, logs and routes relevant correspondence.
  • Supports the availability of records and information needed for regulatory cooperation.
  • Maintains agreed escalation contacts and an auditable handling process.
  • Cooperates with the ICO in connection with the representative mandate where required.

What it does not do

  • It does not become the controller or processor.
  • It does not transfer your organisation's UK GDPR responsibility.
  • It is not the same as appointing a DPO.
  • It does not replace the need for lawful processing, transparent privacy information, rights handling, contracts or security measures.

What is included

  • UK territorial-scope and representative-requirement assessment.
  • Written UK Representative appointment and operating instructions.
  • Approved UK contact wording for privacy information and related disclosures.
  • UK correspondence channel and internal escalation map.
  • Onboarding review of entities, services, UK processing and key records.
  • Correspondence logging and handling evidence within the agreed scope.
  • Periodic review when the organisation's UK market, establishment or processing changes.

Appointed UK Representative

Representative:
PCS UK Ltd
Establishment:
United Kingdom
Address:
111 City Road, London, EC1V 2NX, United Kingdom
Contact:
privacy@mypcsuk.com (monitored)

Appointment process

  1. Confirm the trigger

    Confirm the UK territorial trigger and whether any exemption is reasonably available.

  2. Map the scope

    Identify the entities, products and processing covered by the appointment.

  3. Confirm the entity

    Confirm the UK-established representative entity and commercial terms.

  4. Execute the mandate

    Execute the written mandate and agree the communications and escalation process.

  5. Update transparency information

    Update privacy information, public contact points and relevant records.

  6. Test and review

    Test the route and schedule periodic review.

UK-only or EU + UK?

A UK Representative appointment covers the UK regime only. If the same organisation also targets or monitors people in the EU without a relevant EU establishment, a separate EU appointment may be required. The combined service coordinates onboarding and reporting while keeping the two legal appointments distinct.

UK Representative compared with EU Representative
UK RepresentativeEU Representative
TerritoryUnited KingdomEuropean Union / EEA scope under EU GDPR
EstablishmentUK-established contact pointEstablished in an eligible EU Member State
Regulator contactInformation CommissionerRelevant EU supervisory authority or authorities
Legal appointmentSeparate UK mandateSeparate EU mandate

Scope and pricing factors

The proposal should reflect the number of legal entities and brands, nature and scale of UK processing, expected correspondence, record readiness, languages and any wider advisory support. It should distinguish the representative mandate from DPO or full GDPR operational support.

Comparing roles? Read DPO vs GDPR Representative.

Ready to confirm your UK position?

Complete the assessment or send us your legal structure, UK market activity, monitoring, personal-data categories and current privacy information. We will identify the likely position and any issues that require legal review before appointment.

Frequently asked questions

Which overseas organisations need a UK GDPR Representative?

The requirement generally applies where an organisation outside the UK has no relevant UK establishment but UK GDPR applies because it offers goods or services to people in the UK or monitors their behaviour there, unless an exemption applies.

Does a UK customer automatically mean we need a Representative?

Not necessarily. The territorial test considers whether goods or services are offered to people in the UK or behaviour in the UK is monitored, together with the relevant establishment and exemption position. A documented assessment is preferable to a conclusion based on one customer alone.

Is the UK Representative our DPO?

No. The roles have different legal triggers, duties and independence requirements. A Representative is a UK contact under Article 27. A DPO provides independent advice and monitoring where appointed.

Can our EU Representative also cover the UK?

Not under one legal appointment. The UK and EU regimes require separate appointments and establishments. They can be commercially coordinated through a combined service.

What must be added to our privacy information?

Where applicable, include the identity and contact details of the UK Representative and ensure the contact route is consistent with your rights-request and complaints process.

What happens if we later open a UK office?

A new UK establishment may change the representative analysis, but it does not automatically settle the position for every processing activity. Review the relationship between the establishment and the processing before ending the appointment.

Reviewed by Zuzana Ruddock, Certified DPO and EU General Data Protection Regulation Practitioner (certified by the International Board for IT Governance Qualifications). Last reviewed: 11 July 2026. This page is general information, not legal advice.