The General Data Protection Regulation (GDPR) – Regulation 2016/679 – was adopted in April 2016 and came into force on May 25th, 2018.
The GDPR brings substantial changes to the rules governing data protection at the European level.
In particular, the GDPR provides that under certains conditions, data controllers or processors not established in the European Union (EU) shall appoint a representative in the Union.
Obligation to Appoint a GDPR Representative
Under the GDPR, entities not established in the European Union (EU) who process personal data of EU data subjects must appoint a European-based representative on certain conditions (Art. 27(1) GDPR).
In particular, Art. 27 provides that data controllers or processors not established in the EU shall appoint a representative in the Union where their processing activities are related to:
The offering of goods or services in the Union to data subjects who are in the Union
The monitoring of such data subjects as far as their behaviour takes place within the Union
Failure to Appoint a Representative
10 000 000 EUR OR 2 % ANNUAL TURNOVER
For any infringement of the GDPR, penalties including significant administrative fines may be imposed in addition to, or instead of appropriate measures imposed by the supervisory authorities. (Recital 148 and Art. 83 GDPR)
LOSS OF BUSINESS OPPORTUNITIES
Companies who fail to appoint a GDPR representative can loose the confidence of EU-based clients and partners. Being labelled as a non-compliant company could affect your brand reputation and undermine growth opportunities in the EU.
Stay up to date with Sybil
Appointing an Article 27 Representative is an easy step to show compliance and send a strong message to EU consumers and data protection authorities There appears to be a global movement of reform in the field of data protection law: first the GDPR, then the...read more