Oval design shape Oval shadow
Oval design shape Oval shadow Oval glow

Why an EU Representative will be important under the GDPR.

Does your company need an EU representative?

If your company is based outside of the EU, then you will need to have a representative resident in an EU country in order to be GDPR compliant. Failure to do so could result in administrative fines of up to 2% of your annual turnover, or €10 million, whichever is higher. ( GDPR Art. 83 (4) a))

Are there any exemptions?

There is one exemption where a non-EU company is not required to have an EU representative. If your company processes personal data ‘occasionally’, and is unlikely to result in a risk to the rights and freedoms of natural persons, then you are exempt. What exactly constitutes as ‘occasionally’ remains to be defined.

What are the tasks of the EU representative? T

he representative acts on behalf of the controller or processor with regard to their obligations under GDPR. The representative acts as a direct contact to the authorities and data subjects, while also being an authorized agent to receive legal documents. Representatives may also be tasked with maintaining records of processing activities (GDPR Art. 30 (1) and (2)) and making records available to the supervisory authority (GDPR Art. 30(4)). It is important to note that the designation of an EU-based representative does not affect the responsibility or liability of the controller or of the processor under GDPR. Art. 27(4)

How do you authorise an EU representative?

You authorise the representative in writing. The designation should contain the representative's tasks. You don't have to inform your competent authority but you must name the representative in your information to the data subject (typically your privacy policy), (GDPR Art. 13 and 14) and your records of processing activities, (GDPR Art. 30).

Who can I choose to be my representative?

The role of representative should not be confused with that of the DPO (Data Protection Officer). Representatives of non-EU companies will not be required to assess GDPR compliance. The representative is not required to be a legal professional, or a data security professional. However, given that the representative may be required to communicate with authorities and data subjects over a variety of issues, it would be beneficial for the representative to have a good knowledge of GDPR regulations. In addition to this, your company representative should ideally have a good understanding of your company’s data services and professional experience working with authorities in the areas of regulation and compliance.

For more information on EU Representatives contact us directly using the form below: 

Contact Form



Your Message

Oval design shape Oval design shape