Not based in the EU? You still might need to be compliant with the GDPR and appoint a representative!
If you are a controller or processor not established in the EU and process personal data of data subjects who are in the European Union, you must appoint a representative. This representative in the Union is the point of contact for all questions concerning the data protection of EU citizens and the contact for data protection supervisory authorities.
The General Data Protection Regulation (GDPR) will apply as of May 25, 2018. According to Art. 3 GDPR it is applicable irrespective of where a company is located and where the processing takes place as long as the processed data pertains to data subjects in the Union.
According to Art. 27 GDPR, a representative must be appointed in at least one EU country when the processing activities are related to
- the offering of goods or services, irrespective of whether a payment of the data subject is required, or
- the monitoring of their behaviour as far as their behaviour takes place within the Union.
Even the analysis of visitors of your website can be considered monitoring. If one of the above criteria is given, you need to appoint a representative, unless an exception applies. The obligation to designate a representative in the Union does not apply to processing which is
- does not include, on a large scale, processing of special categories of data like racial or ethnic origin, political opinions, religious or philosophical beliefs or processing of personal data relating to criminal convictions and offences, and
- is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing.
It is important to note that the controller or processor must comply with all these criteria described above in order to be exempt from the obligation to appoint a representative. You also do not need a representative if you have an establishment within the EU.
We can help you assess whether the GDPR applies to you and whether you need a representative. If so, we can act as your representative.
Additionally, we can support you in becoming compliant, act as your external data protection officer and advise you on an ongoing basis.
The fee for a representative as a service starts at 499,90 € / year*.
Please contact us at firstname.lastname@example.org or at +49 228 74 898 0.
* The representative service is already included in our offer "External Data Protection Officer". We will gladly send you a quote for that, too.