UK Data Protection Representative Program

Immediately Satisfy the UK Data Protection Representative Requirements
of Article 27 of the UK GDPR.

As of January 1, 2021, the UK requires many businesses without a physical presence in the UK to appoint an official Data Protection Representative in the UK. VeraSafe has the solution.

Is your organization:

  • Not located in the UK?
  • Processing personal data in the course of offering goods or services to individuals in the UK or monitoring the behavior of individuals in the UK?

If you answered “Yes” to both questions, then you may need to appoint a Data Protection Representative (also known as “DPR”) in the UK.

The VeraSafe UK Data Protection Representative Program is a simple, professional, and affordable way to meet the requirements of Article 27 of the UK GDPR.

VeraSafe UK Data Protection Representative Program Pricing

Your Total Sales* Annual Enrollment Fee
Over $0 to $25 million $1,200.00
Over $25 to $50 million $2,700.00
Over $50 to $100 million $4,050.00
Over $100 to $500 million $5,400.00
Over $500 million Contact Us for Custom Quote

*Note: Fees are based on gross global revenue (USD), and generally provide coverage for a single covered entity. Additional covered entities may be included at no additional fee in limited circumstances.

Included in the program

VeraSafe’s UK Data Protection Representative Program includes the following:

  • VeraSafe will receive legal documents and data subject access requests (DSARs) on behalf of your organization as your Data Protection Rep in the UK.
  • VeraSafe will quickly forward all correspondence to you, which VeraSafe receives on your behalf as your Data Protection Rep in the UK.
  • VeraSafe helps ensure that your organization complies with regulatory notification timelines established under data protection and privacy law in the UK.
  • A web form, mailing address, and phone number for UK data subjects and regulators to contact your organization.
  • VeraSafe will be available as your reliable, well-established data protection counsel.
Other services we provide

In addition to serving as your organization’s UK DPR, our experienced attorneys and privacy consultants can help you by:

  • Establishing, maintaining, and reviewing your records of processing activities (RoPA).
  • Ensuring that your privacy notices include the information required by the UK GDPR and the UK Data Protection Act 2018.
  • Providing counsel and advice in your responses to data subject access requests (DSARs) and queries from the UK’s data protection authority, the Information Commissioner’s Office (ICO).
  • Informing you about relevant data protection issues.
UK Data Protection Representative

When you appoint VeraSafe United Kingdom as your organization’s UK Data Protection Representative, you take a critical step towards compliance with UK data protection law. Let VeraSafe help you respond to any UK data protection inquiries in a lawful, fast, and professional manner.

This UK GDPR requirement to appoint a Data Protection Rep is nearly identical to the EU GDPR’s requirement for organizations not located in the European Economic Area (EEA) to appoint a Data Protection Rep.

Click here to learn more about VeraSafe’s EU Data Protection Representative Program for Article 27 of the EU GDPR, which complements the VeraSafe UK Representative Program for the UK GDPR.

UK DPR Service: Frequently Asked Questions

Why is VeraSafe’s data protection representative service better than the competition?

VeraSafe is one of very few well-established privacy law firms and consulting groups to offer UK Data Protection Representative service in a legally-compliant way. Competing service providers often are micro-sized businesses with only one or two staff members. VeraSafe has been in business for more than a decade — much longer than the competitors. These younger service providers may not be legally established in the UK, and use a mail forwarding service as their “establishment” which is not legally compliant. VeraSafe United Kingdom Ltd is legally established in the United Kingdom and our deep bench of privacy attorneys oversees and coordinates our Data Protection Representative services.

What is included in the enrollment fee?

The enrollment fee includes the formal appointment of VeraSafe as your data protection representative in the UK. You’ll be entitled to publish VeraSafe’s DPR contact information in any appropriate location, including your privacy notices. Regulators and data subjects can contact VeraSafe in addition to, or instead of, contacting your organization directly. VeraSafe accepts legal liability when serving as the Data Protection Representative of a foreign organization, and the enrollment fee primarily compensates VeraSafe for that risk.

Are there any exceptions to the requirement to appoint a Data Protection Representative in the UK?

Every organization’s circumstances are unique. Contact VeraSafe immediately if you need assistance interpreting the UK GDPR and understanding precisely how the requirements of the UK GDPR apply to your organization. None of the information presented on this page is legal advice and must not be relied on as such, because it does not take your specific circumstances into account.

What else do I have to do to comply with the UK DPR requirement, other than enrolling?

Sign the enrollment paperwork VeraSafe will send you, then VeraSafe will promptly draft and send you a paragraph of text to add to your organization’s privacy policy. You will typically need to add this Article 27 UK DPR disclosure to all of your privacy policies that address data subjects in the UK.

What’s the risk of not appointing a UK Data Protection Representative?

Failure to name a representative in your public-facing privacy notice is visible evidence of noncompliance with the UK GDPR, which can attract the attention of the UK data protection and privacy regulator, the Information Commissioner’s Office.

My organization is based in the UK. Do I have to appoint a Data Protection Representative according to Article 27?

If your organization is based in the UK, you do not need to appoint a Data Protection Representative in the UK, but you might need to appoint a Data Protection Representative in the EU. As of January 1, 2021 many UK organizations that do no have a subsidiary or branch office in the European Union must appoint a Data Protection Representative in the EU. Check out VeraSafe’s EU Data Protection Representative Program for total GDPR Article 27 compliance.

Click here to see a summary of the requirements concerning appointment of representatives both in the UK and in the EEA.

How will regulators and data subjects contact VeraSafe in the UK? Phone, email, web form, etc.?

Regulators and data subjects can contact VeraSafe via a web contact form, phone number, and our mailing address in London. These details will be provided to you after your enrollment.

Will you respond to regulators or data subjects without contacting me first?

Usually not. VeraSafe will receive, relay, and, only after consultation with you, respond to any communications from regulators or data subjects. If required, we can deliver on demand legal counsel to assist you in responding to such inquiries. However, there are some circumstances where it is necessary for VeraSafe to contact the requestor directly, for example if the data subject does not indicate which VeraSafe client their concern relates to, it is necessary for VeraSafe to contact the data subject to ascertain this critical information.

How can I appoint VeraSafe as my UK Article 27 Data Protection Rep?

1. Click “Enroll Now” and submit the necessary information.

2. VeraSafe will send your enrollment paperwork via email.

3. VeraSafe will contact you to provide all of the information needed to implement VeraSafe’s Data Protection Representative service in your organization. Implementation usually takes one business day.

Are you experienced and have expert knowledge of data protection law?

Yes, VeraSafe’s strength lies at the intersection of law and IT. Equipped with these two skill sets not commonly found under the same roof, our team combines data protection attorneys, privacy professionals, alumni of the European Data Protection Board, project managers, and IT security experts. Many of our staff members have earned certifications from the International Association of Privacy Professionals.

If needed, VeraSafe’s UK Data Protection Representation services can be complemented by VeraSafe’s comprehensive privacy and data protection compliance services.

Where can I find the service terms for the UK Data Protection Rep Service?

To review the service terms for our UK Data Protection Representative program, please contact us. VeraSafe’s legal department will promptly send you the service terms.

What documentation do I need to provide to prove that I am compliant with the UK GDPR / Data Protection Act 2018? Will you audit me?

VeraSafe does not proactively audit our UK DPR clients for compliance with the UK GDPR. It’s important to note that at the time of writing, there is no formal certification to easily demonstrate that you are compliant with the UK GDPR or Data Protection Act 2018. However, if you would like to engage VeraSafe to assist you with your UK GDPR compliance, we will be happy to discuss your specific needs and how VeraSafe can help. Contact us today.

UK DPR Service

Immediately Comply With Your Obligation To Appoint a Data Protection Representative in the UK

Key contacts

Matthew Joseph

Matthew Joseph

CIPP/E, CIPP/US, CIPM, FIP

Managing Director

Jim Cormier

Jim Cormier

CIPP/E, CIPM, FIP

Senior Vice President and Head of Professional Services

Do I Need Both an EU and a UK Data Protection Representative?

Do you target individuals
in the UK only?

Do you target individuals
in the EEA only? (i.e., not UK)

Do you target individuals
in the EEA and the UK?

Are you established
in the UK only?

No DPR required EEA DPR Required EEA DPR Required

Are you established
in the EU only?

UK DPR Required No DPR required UK DPR Required

Are you established only
outside of the UK and EU?

UK DPR Required EEA DPR Required Both EEA & UK DPR Required

Easy UK Data Protection Rep Compliance

Comply with UK GDPR Article 27 requirements without establishing a physical presence in the UK.

Administered by Professionals

Our program is administered by attorneys and privacy professionals.

Cost-Effective

Initial enrollment fees are fixed and competitive.

Immediately Comply With Your Obligation To Appoint a Data Protection Representative in the UK

Why VeraSafe?

Track record of successful GDPR compliance assessments across industries.

Work directly with our in-house team of US and European privacy attorneys, IT experts, and project managers.

Strategic, risked-based approach to compliance.

Fully customizable templates and project plan, tailored to fit your circumstances.

Reasonable, flexible fee structure and fully customizable engagement scope.

Holistic approach: Our broad expertise ranges from privacy law to cybersecurity operations.