EU representative required under the GDPR
Appoint our privacy officer as your representative in the EU to meet your GDPR obligations.
Does my company need an EU representative?
If your company has no offices, branches or other establishments in the EU, yet conducts business with European clients you have to appoint an EU representative. Specifically, under the GDPR, you must appoint an EU representative if you process personal data in the following contexts:
- the offering of goods or services to individuals in the EU (irrespective of whether they are free of charge), or
- the monitoring of behaviour of individuals in the EU (as far as their behaviour takes place within the EU).
This obligation applies to both, controllers and processors.
How do I choose the best EU representative?
EU representatives may be external service providers, either individuals or organizations, such as law firms, consultancies, private companies etc. They must be based in one of the countries where your customers or monitored data subjects are located.
The GDPR does not specify the minimum qualifications an EU representative must hold. However, it is strongly advisable to appoint a representative that has a broad understanding of legal and technical data protection issues enabling them to communicate effectively with the supervisory authorities.
Furthermore, as a contact point between the company and data subjects or authorities, a representative should be able to speak the relevant local language if required.
What will an EU representative do for me?
An EU representative is the point of contact for EU data subjects and data protection supervisory authorities. The representative acts on behalf of a controller or processor with regard to their obligations under the GDPR.
The EU representative also maintains your records of processing activities (ROPA) and makes these records available to the supervisory authorities upon their request.