Title: Who Really Needs To Appoint An EU Representative? (1)
1Who Really Needs To Appoint An EU
Representative?
EU Representative
Firstly, what is the General Data Protection
Regulation (GDPR)? And who is it that really
needs an EU Representative? The General Data
Protection Regulation (GDPR) provides a level of
international protection for the personal data of
EU citizens under Article 3. Article 3 outlines
that GDPR will apply to companies that are
processing EU Citizens outside of the European
Economic Area (EEA). GDPR imposes a variety of
obligations, such as ensuring that they apply the
core data protection principles and treat the
data as is required by the GDPR. This issue also
comes into play for companies and organisations
that are involved in the international transfer
of data. To assist with accountability, the GDPR
establishes the role of the EU Representative
under Article 27. The role of the EU
Representative is a role distinct from that of a
Data Protection Officer (DPO) for a variety of
reasons. What Does An EU Representative Do? The
main focus of the EU Representative is to be the
first point of contact for data subjects and
regulators who need to contact the organisation
outside of the EEA and to act in accordance with
the instructions that form part of the mandate
appointing them. While Data Protection Officers
(DPOs) are expected to be given a degree
of autonomy in order to enable them to carry out
their duties effectively and advise on the
compliance issues relating to data protection.
2- Top 3 Key Roles Of An EU Representative
- In essence, the role of the EU Representative is
a simple one and includes - To be the first point of contact in Europe.
- To receive any complaints and communications in
Europe and forward these onto the relevant
person within the organisation. - To liaise between the parties involved with a
complaint and provide - any assistance when required.
- Though all activities they assist with should be
dealt with under the written mandate, along with
this, the appointing organisation should set out
procedures and the correct lines of
communication, so that all parties involved are
aware of their duties and manage responses in
line with the deadlines that are expected under
the law. - When do you need to appoint an EU Representative?
- This means that for compliance, companies that
are operating outside of Europe by trying to
market or offer goods or services in Europe must
appoint an EU Representative. - If they are NOT
- a public authority or body
- and they are regularly processing personal data
on a large scale - or processing sensitive data.
- There are some areas in which confusion can arise
then appointing an EU Representative, such as
where they are required to appoint one, whether
in any member state.
3Some companies might be exempt for another
reason however, this is when they are
established in the EU with a subsidiary and that
subsidiary is directly involved with the
processing activities. However, the EDPB
guidance states that if the subsidiary is not
involved with the data processing activity, then
you are required to appoint an EU
Representative. However, the subsidiary can be
appointed to be the representative in theory if
it is operating in one of the states in which you
are offering goods and services. If that is not
the case, then appointing an independent
representative in another state will be
required. 3 tips for choosing the right EU
Representative Once the appointment of an EU
Representative has been made, there are a few
things that need to be done to ensure the smooth
operation when handling the requests and
complaints. Dealing with complaints and
procedures First, the EU Representative needs to
be listed under the contacts in the privacy
policy, in order to enable the data subjects to
know who to contact, to make such any
requests. The other area that needs to be
discussed between the company and its
representative is the key procedures and lines of
communication that need to be set up for a
responsive system to be put in place, such as
verifying the responses from data subjects.
- This forms the basis for the appointment of the
EU Representative, there are several key points
to be aware of when doing so - The EU Representative needs to be given an
explicit mandate in writing and outlining the
scope of their duties. - An EU Representative is a role and appointment
distinct from that of a - DPO, they are to operate within the scope of the
duties set out in their mandate. They are not
really supposed to advise or implement anything
in regard to GDPR compliance. - When appointing a representative, they must be
appointed in one of the member states that the
company is offering goods or services in.
4So there you have it. If your business is based
outside the EU, but you conduct business in the
EU you need to appoint an EU Representative Rea
dy to appoint an EU Representative for your
organisation? Seers can help you protect yourself
by complying with the General Data Protection
Regulation (GDPR) by using our excellent EU
Representative Service.