Obtaining a GDPR Data Representative in the EU for GDPR compliance is an important consideration that you, as a business owner, must think about.
The General Data Protection Regulation
(GDPR) was brought into force on the 25th May 2018 and is significant because it strengthens data protection in the European Union (EU). GDPR clarifies what a company’s processes are with regard to personal data and what they must do to protect people’s rights.
GDPR imposes obligations on any organisation that targets or collects data relating to people in the EU, therefore applying to data controllers and processors with headquarters both inside and outside the EU. Find out more about GDPR obligations by reading our blog post on ‘Handling Personal Data Correctly
If you are wondering if you need a EU Representative for GDPR Compliance, ask yourself the following questions:
- Does my business process large amounts of data from EU data subjects or process special categories of data?
- Does my business have an office in the EU?
If the answer is yes for the first question and no for the second question, your business must appoint a GDPR Data Representative. If the answer is yes for both questions, you must appoint a Data Protection Officer (DPO). This rule applies to businesses operating both within and outside of the EU.
Failure to appoint an EU representative can result in your business being fined. EU regulators have started to fine non-EU companies who do not comply with Article 27, including Locate Family
who was fined €525,000.
There are some exceptions that have been detailed in Article 27
of the GDPR; if your processing is occasional, does not include large scale processing, does not include special data categories, is unlikely to present risks to the rights and freedoms of EU data subjects or is a public body.
Now that you know if you and your business needs an EU legal representative, read the rest of this blog to answer the following questions:
- What is an EU legal representative?
- Who is my EU representative?
- Where can you locate your EU representative?
- Where can you get legal advice about UK EU representatives?
What is an EU Legal Representative?
An EU representative is defined in GDPR Article 27
as someone who is:
- Nominated by the controller or processor to be addressed in addition to the controller or processor, by EU regulatory bodies on all issues related to processing, for the purpose of ensuring compliance with GDPR
- Established in a Member State where you process personal data or monitor behaviour
Your EU representative is often seen as your public face within the EU because it is easier for international bodies to contact someone based in the EU than elsewhere. Your GDPR data representative can be either a natural or legal person who is based in the EU and who is in charge of enforcing GDPR. Authorities may contact this specific individual regarding data processing.
GDPR does not explicitly assign major responsibility to your Eu representative, however they will be expected to perform several duties, such as:
- Act on your behalf when dealing with supervisory authorities
- Assist you in meeting the requirements of Article 30, which is the Record of Processing Activities (ROPA).
- Allow supervisory authorities to access records as necessary
- Provide you with any GDPR updates, amendments, and new readings as they apply to you and your business
It is important to note that a GDPR data representative is not the same as a Data Protection Officer. They are separate roles with their own sets of responsibilities. Read our blog post ‘Does My Business Need a Data Protection Officer?
’ to understand more about the differences between an EU legal representative and a Data Protection Officer.
Who is my EU Representative?
As mentioned in the previous section, your EU representative can either be a general person you employ or someone with legal expertise, as long as they are located in the EU country where you process the most amount of data. Your GDPR data representative must be able to represent you in relation to your obligations under the EU GDPR. Read the next section to find out your options if you process data equally across EU countries.
It is required by law that you appoint your EU representative in writing, as set out in the GDPR. There must be a written contract between you and your GDPR EU representative because, in the event that the EU is unable to contact you, it may use the contract to exercise its right to bring proceedings against your representative.
The contract should include:
- Name and address of your company
- Name and contact information for your EU Representative
- The terms of the appointment - this includes terms such as pay, hours and termination notice
- Clauses balancing liabilities between both parties
- Indemnity clause - this is a promise by one party to be responsible for the loss of the other party, and to cover it in instances where it would be unfair for that party to bear the loss themselves
- A non-disclosure agreement (NDA)
- A reference to the need to appoint an EU representative, as per the regulations outlined in GDPR Article 27
Where Can You Locate Your EU Representative?
You might be wondering where you can locate an EU representative for your business. This blog post has already discussed that you can appoint either a general or legal person. However, there are also companies designed specifically for the purpose of helping your business with EU GDPR compliance.
You can book a consultation with one of our expert lawyers
to receive business legal advice about appointing an EU representative.
If your business processes data equally across EU countries, you can choose which EU Member State your EU representative will be based in. It is important to remember that the UK is no longer considered a Member State, since Brexit. In this instance, the Republic of Ireland and the Netherlands are two excellent locations for placing your EU legal representative; the Republic of Ireland is a major international business hub and the Netherlands is home to many multinational corporations.
You Can Get Legal Assistance from LawBite
As a business owner, LawBite can offer you legal advice
on EU GDPR compliance. Our expert data protection lawyers and solicitors can provide clarification and assistance with your situation.
Learn more about how to protect your business with our information on taking the risks out of your business
. You can also read our Post-Brexit GDPR Refresher to understand how Brexit has affected GDPR. We also offer affordable GDPR packages for your business, to ensure GDPR compliance - find out more here
Book a 15-minute consultation with one of our expert lawyers to discuss how LawBite can help you with how to lease commercial retail space. Get in touch with us today by calling us on 020 38088314
or make an enquiry
Additional useful information