A portrait photo of a middle-aged lady in front of a light gray wall. She wears a blouse and a blazer in rosé and crosses her arms. She has her blond hair tied up, wears glasses and smiles at the camera.

GDPR UK Representative

for companies without a branch or office in the United Kingdom

For companies without a UK registered office, we offer our outstanding GDPR UK representative service. Our highly experienced lawyers take on the legal role of GDPR UK representative and ensure that you are in compliance with the UK Data Protection Act of 2018.

Arrange your personal consultation appointment:


Book online consultation

Seal - iapp Bronze Member

Our target audiance

What company does need a GDPR UK representative?

Wave as graphic

At the end of 2020, the legal situation changed for companies that have business dealings in the United Kingdom. At the end of the Brexit transition period, the GDPR was no longer directly enforceable in the UK and was replaced by the UK General Data Protection Regulation (UK GDPR).

Because many requirements remain identical, companies can generally continue to rely on GDPR-compliant business processes. However, the legal basis for international data transfers needs to be verified.

In addition, from 1 January 2021, many European companies will be obliged under the UK GDPR to appoint a so-called data protection representative in the United Kingdom.

Two ladies are sitting in front of a laptop, which is placed on a glass desk, and are discussing.

Who must appoint a representative under UK law?

The obligation to appoint a representative under Article 27 UK GDPR applies to all companies without a registered office in the UK that offer goods or services or monitor the activities of individuals in the UK.  In addition to the B2C sector, this also includes B2B companies (order processors, e.g. IT service providers), if the requirements are met by at least one of the businesses' customers. The threshold is very low in this respect: even offering a website targeted towards UK citizens will usually require the appointment of a UK representative. This duty is met when:

  • search engine advertising is targeted towards the UK.
  • the ability to order goods or services in the UK, or the acceptance of sterling as a means of payment is given.
  • tracking of UK citizens, for example by using cookies or device fingerprints is done
  • products in the transport and travel industry are internationally oriented
  • conducting clinical trials or market research


The obligation to appoint a UK representative does not apply in cases where the legislator considers there to be little risk to personal rights. That is the case when processing activities are only occasional, do not involve special categories of personal data, and are not likely to result in an infringement of a data subject's rights and freedoms. All of these conditions must be fulfilled together; therefore, it is unlikely that a company that falls within the scope of the UK GDPR will be able to claim the right to use this exemption.


Roles & Responsibilities of the GDPR EU Representative

Wave as graphic
Icon authority

Company Representation

The UK GDPR representative is representing the company in its interaction with the UK Information Commissioner’s Office (ICO) and data subjects invoking their data protection rights.

Icon manager


Our representative acts as a contact person for enquiries and complaints submitted by data subjects and ensures that these enquiries are answered within a reasonable period of time.

Icon document


The GDPR UK representative provides assistance in maintaining the register for processing activities, which contains information about the purposes of the processing, the persons who are involved and the description of the technical and organisational security measures.

Our services

GDPR compliance: How we support your business

Wave as graphic

Data protection compliance challenges such as the GDPR can be a real hurdle for businesses of all sizes and industries. At DP-Dock, we understand these challenges and offer tailored solutions to help your business meet the compliance requirements of the GDPR.

As a GDPR UK representative, we act as a local point of contact for citizens and the Information Commissioner's Office (ICO), the UK's data protection regulator, and represent the business in relation to its obligations under the UK GDPR.

Services in regulatory proceedings, such as requests for information from the ICO in the case of a suspected breach, can thus be legally sent to your representative. As your GDPR UK representative, we have experience in data protection law to assess risks to your business.

In this team photo in the office, two women are smiling from the left, a man, another woman and again a man. They have different attitudes and seem very competent.

The representative:

  • Must be based in the UK.
  • Must be appointed in writing.
  • Holds a processing register (Article 30 UK GDPR) of the represented company.
  • Is to act on behalf of the company and must therefore have power of representation.

Your benefits

DP Dock as data protection representative in the United Kingdom

Wave as graphic

DP Dock acts as a data protection agent in the UK through a UK subsidiary. You can benefit from:

  • our experience in international data protection and our legal expertise.
  • our language skills, which enable fluent communication in English and German.
  • our network, which gives you immediate access to lawyers specialized in data protection and privacy law in the UK in case of an emergency.

Book online consultation now

If you need a data protection representative in the UK or are still unsure whether the obligation affects your company, please feel free to contact us. We also offer our services as subcontractors for law firms and data protection consultants.


Client feedback about our data protection services

Wave as graphic
The view of the Port of Hamburg from above is breathtaking with the Elbphilharmonie in the background and a beautiful blu
Logo - Redbubble

(Data Protection Officer: DPO)
Redbubble Inc., 111 Sutter Street, 17th Floor, San Francisco, CA 94104, USA

„DP-Dock brings real value to privacy compliance with their professionalism, responsiveness and depth of experience advising global tech companies operating in Europe.”

Logo - Universal Tennis

(Data Protection Officer: DPO)
Universal Tennis, LLC, 525 University Avenue, Palo Alto, CA 94301, USA

„DP-Dock is our designated Art. 27 GDPR representative for many years – more recently they are, in addition, our external DPO: a decision we’ve been happy with. Their understanding of global trends in data privacy is remarkable – including the provision of awareness trainings for our employees across the globe.“

Logo - ottobock

(Data Protection Officer: DPO)
Ottobock SE & Co. KGaA, Max-Näder-Strasse 15, 37115 Duderstadt, Germany

DP-Dock is our external data protection officer. They work with us in a targeted and trustworthy manner in an environment where we have many locations around the world. We are fully satisfied with their service. They are pragmatic, solution-oriented, qualified and fast when needed."

Contact information

Schedule a free first consultation appointment
with our data protection experts

Wave as graphic
An elderly lady with dark hair wears a white dotted blouse and sits on an office chair at a desk.

Ballindamm 39
20095 Hamburg

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Expire in days 72
Privacy policy
Use Use without cookies
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again