Firstly, what is the General Data Protection Regulation (GDPR)? And who is it that really needs an EU Representative?
The General Data Protection Regulation (GDPR) provides a level of international protection for the personal data of EU citizens under Article 3.
GDPR will apply to companies that are processing EU Citizens outside of the European Economic Area (EEA). GDPR imposes a variety of obligations, such as ensuring that they apply the core data protection principles. And treat the data as is required by the GDPR
To assist with accountability, the GDPR establishes the role of the EU Representative under Article 27. The role of the EU Representative is a role distinct from that of a Data Protection Officer (DPO) for a variety of reasons.
What they do?
The main focus of the EU Representative is to be the first point of contact for data subjects and regulators who need to contact the organisation outside of the EEA and
to act in accordance with the instructions that form part of the mandate appointing them.
Top 3 key roles of eU Representative
In essence, the role of the EU Representative is a simple one and includes:
- To be the first point of contact in Europe.
- To receive any complaints and communications in Europe and forward these onto the relevant person within the organisation.
- To liaise between the parties involved with a complaint and provide any assistance when required.
When do you need to appoint an EU Representative?
This means that for compliance. Companies that are operating outside of Europe by trying to market. Or offer goods or services in Europe must appoint an EU Representative.
If they are NOT:
- a public authority or body
- and they are regularly processing personal data on a large scale
- or processing sensitive data.
Will just one EU Representative be sufficient?
The European Data Protection Board (EDPB) outlined in its guidance. That it must be in the member state that they are offering goods and services. Though in the case where it is being offered across multiple countries in the EEA. They do allow for the EU Representative to be based in only one of those countries.
This enables companies seeking to appoint one an easier and more cost-effective route. As appointing a representative in every member state would make it costly and increase the complexity of such an operation.
However, the EDPB guidance states that if the subsidiary is not involved with the data processing activity. Then you are required to appoint one.
3 tips for choosing the right EU Representative
Once the appointment is there, there are a few things that need to do to ensure the smooth operation when handling the requests and complaints.
Dealing with complaints and procedures
This forms the basis for the appointment of the EU Representative, there are several key points to be aware of when doing so:
- Firstly, he needs to give an explicit mandate in writing and outlining the scope of their duties.
- Secondly, they are to operate within the scope of the duties set out in their mandate. They are not really suppose to advise or implement anything in regard to GDPR compliance.
- Thirdly, they must appoint in one of the member states that the company is offering goods or services in.
So there you have it.
If your business is based outside the EU, but you “conduct business in the EU”; you need to appoint one.
Ready to appoint one for your organisation?
Seers can help you protect yourself by complying with the General Data Protection Regulation (GDPR) by using our excellent EU Representative Service.