Since May 25, 2018, the EU General Data Protection Regulation (GDPR) requires, among other things, the appointment of an EU representative for businesses with customers within the European Union. The EU representative is to be responsible regarding the obligations resulting from the GDPR for the companies. Failure to appoint such an EU representative is likely to result in heavy fines.
EU representative required in case of company headquarters outside the EU
According to Art. 27 of the GDPR, the appointment of one or more EU representatives, depending on the size of the company, is also required for a company headquartered outside the EU if the company
- offers goods or services to persons in the EU, or
- monitors the behavior of individuals in the EU
and is thus subject to the GDPR.
Responsibilities of the EU representative within the company
An EU representative guarantees the observance of rights and freedoms of affected persons in data processing. Furthermore, he or she serves as a contact person for affected persons or supervisory authorities for questions relating to the processing of personal data, in addition to or also instead of the controller or a processor.
The appointment of an EU representative is not necessary if the processing of personal data occurs sporadically. However, this is the exception rather than the rule.
Election and appointment of the EU representative
When selecting the EU representative, it must be ensured that the representative is established in the EU member state where the processing of personal data is to take place. The appointment of the EU representative must be made in writing. In addition, his or her activities within the company must also be recorded in writing. Furthermore, the representative must be named as an authorized representative and, in particular, specified as such in the data protection declaration.
It is recommended that the EU representative who is to be appointed is familiar with the provisions of the GDPR in order to be able to expertly answer any questions from data subjects or supervisory authorities.
WINHELLER provides EU representatives for your company
In order to avoid fines and to ensure lawful handling of personal data subject to the GDPR, the appointment of an EU representative is essential. Our experienced attorneys for data protection law will gladly assume the role of the EU representative for your company! WINHELLER is therefore your ideal source of support for supervisory authorities and data subjects with regard to inquiries in connection with the GDPR. We are happy to offer our service to you at an individual fixed price. Feel free to contact us and we will submit a quote.