A portrait photo of a middle-aged lady in front of a light gray wall. She wears a blouse and a blazer in rosé and crosses her arms. She has her blond hair tied up, wears glasses and smiles at the camera.

UK-GDPR Representative

for companies without an establishment in the United Kingdom

Arrange your free consultation appointment:


Book free online consultation

Go to contact form

Seal - iapp Bronze Member


The need for an UK representative under the UK GDPR (Data Protection Act 2018 (DPA 2018))

Wave as graphic

The UK GDPR has a very broad scope. Companies with business activities in the United Kingdom can easily be subject to GDPR, even if they are not established in the UK.

The GDPR may already apply when a non-UK company offers goods or services to individuals in the UK or monitors their behaviour (e.g., using online analytic tools). In this case, the company must designate a representative in the UK in accordance with Art. 27 UK GDPR.

Failure to comply may result in fines of up to GBP 8,660,000 or 2% of the company’s global annual turnover.

Two ladies are sitting in front of a laptop, which is placed on a glass desk, and are discussing.


The obligation to appoint a UK representative does not apply in cases where the legislator considers there to be little risk to personal rights. That is the case when processing activities are only occasional, do not involve special categories of personal data and is unlikely to result in an infringement of a data subject's rights and freedoms. All of these conditions must be fulfilled together; therefore, it is unlikely that a company that falls within the scope of the UK GDPR will be able to claim the right to use this exemption.


Roles & Responsibilities of the UK-GDPR Representative

Wave as graphic
Icon authority

Company Representation

The UK GDPR representative is representing the company in its interaction with the UK Information Commissioner’s Office (ICO) and data subjects invoking their data protection rights.

Icon manager


Our representative acts as a contact person for enquiries and complaints submitted by data subjects and ensures that these enquiries are answered within a reasonable period of time.

Icon document


The GDPR UK representative provides assistance in maintaining the register for processing activities, which contains information about the purposes of the processing, the persons who are involved and the description of the technical and organisational security measures.

Our services

GDPR compliance: How we support your business

Wave as graphic

Data protection compliance challenges such as the GDPR can be a real hurdle for businesses of all sizes and industries. At DP-Dock, we understand these challenges and offer tailored solutions to help your business meet the compliance requirements of the GDPR.

As a GDPR UK representative, we act as a local point of contact for citizens and the Information Commissioner's Office (ICO), the UK's data protection regulator, and represent the business in relation to its obligations under the UK GDPR.

Services in regulatory proceedings, such as requests for information from the ICO in the case of a suspected breach, can thus be legally sent to your representative. As your GDPR UK representative, we have experience in data protection law to assess risks to your business.

In this team photo in the office, two women are smiling from the left, a man, another woman and again a man. They have different attitudes and seem very competent.

The representative:

  • Must be based in the UK.
  • Must be appointed in writing.
  • Holds a processing register (Article 30 UK GDPR) of the represented company.
  • Is to act on behalf of the company and must therefore have power of representation.

Your benefits

DP-Dock as data protection representative in the United Kingdom

Wave as graphic

DP-Dock acts as a data protection representative in the UK through a UK subsidiary. You can benefit from:

  • our experience in international data protection and our legal expertise.
  • our language skills, which enable fluent communication in English, German and other languages.
  • our network, which gives you immediate access to lawyers specialized in data protection and privacy law in the UK in case of an emergency.

Book free online consultation now

If you need a data protection representative in the UK or are still unsure whether the obligation affects your company, please feel free to contact us.


Client feedback about our data protection services

Wave as graphic
The view of the Port of Hamburg from above is breathtaking with the Elbphilharmonie in the background and a beautiful blu
Logo - Redbubble

(Data Protection Officer: DPO)
Redbubble Inc., 111 Sutter Street, 17th Floor, San Francisco, CA 94104, USA

„DP-Dock brings real value to privacy compliance with their professionalism, responsiveness and depth of experience advising global tech companies operating in Europe.”

Logo - Universal Tennis

(Data Protection Officer: DPO)
Universal Tennis, LLC, 525 University Avenue, Palo Alto, CA 94301, USA

„DP-Dock is our designated Art. 27 GDPR representative for many years – more recently they are, in addition, our external DPO: a decision we’ve been happy with. Their understanding of global trends in data privacy is remarkable – including the provision of awareness trainings for our employees across the globe.“

Logo - ottobock

(Data Protection Officer: DPO)
Ottobock SE & Co. KGaA, Max-Näder-Strasse 15, 37115 Duderstadt, Germany

DP-Dock is our external data protection officer. They work with us in a targeted and trustworthy manner in an environment where we have many locations around the world. We are fully satisfied with their service. They are pragmatic, solution-oriented, qualified and fast when needed."

Contact information

Schedule a free first consultation appointment
with our data protection experts

Wave as graphic
An elderly lady with dark hair wears a white dotted blouse and sits on an office chair at a desk.

Ballindamm 39
20095 Hamburg

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Expire in days 72
Privacy policy
Use Use without cookies
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again