Brexit and the GDPR: What's changing?

With Brexit and the interim period coming to an end, the UK is no longer part of the EU. This changes a lot. But not all of these changes are apparent at first glance - those concerning data privacy protection, for example. 

Even though the UK is no longer part of the EU, many of its companies still import or export goods and services and still have to abide by the GDPR's rules when dealing with EU-citizens. 

Now, different measures have to be taken. Most companies would need a representative within the EU when processing personal data of EU-citizens. We explain when you need a representative, what they do and how you get one.

When do I need a representative?

The GDPR specifies clearly when companies or processors of other kinds need a representative in the EU.

You need a representative if you or your company are based outside of the EU...

...but you offer goods or services to EU-citizens or monitor their behaviour in the EU and process personal data while doing that. So, according to the GDPR, it does not matter where you are based but where you do business.
You don't need a representative when...

  • process personal data only occasionally.
  • don't process special categories of personal data on a large scale.
  • don't process data relating to criminal convictions and offences.
  • ...your processing is unlikely to result in a risk to the rights and freedoms of natural persons.
  • are a public authority or body.

Need Support?

Data privacy protection is our strong suit. Whether you need a representative in the EU or a consultation - we are there for you.

Learn more

What does a representative do?

As the name suggests, a representative represents you in the EU.

Supervisory authority

The representative works as your spokesperson and answers any requests from supervisory authorities in the EU and negotiates. The idea is for the authority to obtain information about the data processing of EU-citizens more easily.

Affected Person

As with supervisory authorities, the representative is the person in the EU affected people can address when enquiring information or filing complaints.


The actual tasks the representative performs are specified in the mandate they receive from you.

How do I get a representative?

There aren't many regulations concerning who can be a representative. But it makes sense for you to pick someone with an extensive knowledge of the DGPR. That also makes it easier for authorities and affected people.

Who can be a representative?

The representative can be any EU-based natural person or legal entity.


The representative is appointed via a written mandate issued by you.


When you appoint a representative, you should update your privacy policy and your record of processing activites. Furthermore, you should inform the people affected.

About us

We, the Sachverständigenbüro Mülot GmbH, have been supporting companies and organisation in all matters of data privacy protection and data security for many years. To us, it is essential to find individual solutions that fit our customers and their particular needs.

Profit from our extensive know-how and our pragmatic approach! 

Based in Germany, we work as data protection officer in various companies, consult and offer workshops and trainings of our own and renowned institutions alike.

Your competent partner in all matters of data privacy!

Your competent partners

How may we help you?

Wir verwenden Cookies
Unten finden Sie Informationen über die Zwecke, für welche wir und unsere Partner Cookies verwenden und Daten verarbeiten. Sie können Ihre Einstellungen der Datenverarbeitung ändern und/oder detaillierte Informationen dazu auf der Website unserer Partner finden.
Analytische Cookies Alle deaktivieren
Funktionelle Cookies
Andere Cookies
Wir verwenden Cookies, um die Inhalte und Werbung zu personalisieren, Funktionen sozialer Medien anzubieten und unseren Traffic zu analysieren. Mehr über unsere Cookie-Verwendung
Einstellungen ändern Alle akzeptieren