UK Data Protection Representative Program

VeraSafe is one of very few well-established privacy law firms and consulting groups to offer UK Data Protection Representative service in a legally-compliant way. Competing service providers often are micro-sized businesses with only one or two staff members. VeraSafe has been in business for more than a decade — much longer than the competitors. These younger service providers may not be legally established in the UK, and use a mail forwarding service as their “establishment” which is not legally compliant. VeraSafe United Kingdom Ltd is legally established in the United Kingdom and our deep bench of privacy attorneys oversees and coordinates our Data Protection Representative services.

The enrollment fee includes the formal appointment of VeraSafe as your data protection representative in the UK. You’ll be entitled to publish VeraSafe’s DPR contact information in any appropriate location, including your privacy notices. Regulators and data subjects can contact VeraSafe in addition to, or instead of, contacting your organization directly. VeraSafe accepts legal liability when serving as the Data Protection Representative of a foreign organization, and the enrollment fee primarily compensates VeraSafe for that risk.

Every organization’s circumstances are unique. Contact VeraSafe immediately if you need assistance interpreting the UK GDPR and understanding precisely how the requirements of the UK GDPR apply to your organization. None of the information presented on this page is legal advice and must not be relied on as such, because it does not take your specific circumstances into account.

Sign the enrollment paperwork VeraSafe will send you, then VeraSafe will promptly draft and send you a paragraph of text to add to your organization’s privacy policy. You will typically need to add this Article 27 UK DPR disclosure to all of your privacy policies that address data subjects in the UK.

Failure to name a representative in your public-facing privacy notice is visible evidence of noncompliance with the UK GDPR, which can attract the attention of the UK data protection and privacy regulator, the Information Commissioner’s Office.

If your organization is based in the UK, you do not need to appoint a Data Protection Representative in the UK, but you might need to appoint a Data Protection Representative in the EU. As of January 1, 2021 many UK organizations that do no have a subsidiary or branch office in the European Union must appoint a Data Protection Representative in the EU. Check out VeraSafe’s EU Data Protection Representative Program for total GDPR Article 27 compliance.

Click here to see a summary of the requirements concerning appointment of representatives both in the UK and in the EEA.

Regulators and data subjects can contact VeraSafe via a web contact form, phone number, and our mailing address in London. These details will be provided to you after your enrollment.

Usually not. VeraSafe will receive, relay, and, only after consultation with you, respond to any communications from regulators or data subjects. If required, we can deliver on demand legal counsel to assist you in responding to such inquiries. However, there are some circumstances where it is necessary for VeraSafe to contact the requestor directly, for example if the data subject does not indicate which VeraSafe client their concern relates to, it is necessary for VeraSafe to contact the data subject to ascertain this critical information.

1. Click “Enroll Now” and submit the necessary information.

2. VeraSafe will send your enrollment paperwork via email.

3. VeraSafe will contact you to provide all of the information needed to implement VeraSafe’s Data Protection Representative service in your organization. Implementation usually takes one business day.

Yes, VeraSafe’s strength lies at the intersection of law and IT. Equipped with these two skill sets not commonly found under the same roof, our team combines data protection attorneys, privacy professionals, alumni of the European Data Protection Board, project managers, and IT security experts. Many of our staff members have earned certifications from the International Association of Privacy Professionals.

If needed, VeraSafe’s UK Data Protection Representation services can be complemented by VeraSafe’s comprehensive privacy and data protection compliance services.

To review the service terms for our UK Data Protection Representative program, please contact us. VeraSafe’s legal department will promptly send you the service terms.

VeraSafe does not proactively audit our UK DPR clients for compliance with the UK GDPR. It’s important to note that at the time of writing, there is no formal certification to easily demonstrate that you are compliant with the UK GDPR or Data Protection Act 2018. However, if you would like to engage VeraSafe to assist you with your UK GDPR compliance, we will be happy to discuss your specific needs and how VeraSafe can help. Contact us today.