How does a GDPR Article 27 Representative Help My Business?
JANUARY 16, 2019
Article 27 states that EU based data subjects are entitled to have their data protection affairs handled in the EU via parties that are amenable to EU law. Broken down, this means that Article 27 requires companies that are not established in the EU, yet monitor or process the personal data of people (Data Subjects) within the EU, to appoint an EU-based representative to stand as their point of contact for both individuals and data protection regulators in the EU.
“But, how does this representation affect or even help my business?” you ask.
The purpose and benefit of this is simple: Article 27 representation ensures that EU citizens will be able to easily contact the controllers and processors outside of Europe that hold their personal data, without having the potentially confusing, lengthy and costly efforts which can be required to contact them at their base (Let’s use a small example of an Italian citizen (Data Subject) who wishes to contact a data controller (Business) based in the US.)
In this case as well as many others, The GDPR Representative’s role is to act as point of contact in the EU for your business for any people in the EU on behalf of whom you hold data.
Your representative will be the person whom data subjects will contact if they wish to exercise their rights pursuant to the GDPR. Your representative will also be the first person the regulators will contact if they happen to receive a complaint from someone in relation to your business. And if you encounter a data protection issue in your business, such as a data breach, your local representative is the person to make this notification on your behalf.
I have acquired a Data Protection Officer. Do I still have to appoint a Representative?
A GDPR Representative for the purposes of Article 27 is different from a Data Protection Officer (DPO). The two roles are distinct and very important in their own right. If you are required to appoint a DPO for your business and you have done so, this may not fulfill your obligations pursuant to Article 27. Unless your DPO is also based in the EU and designated as your representative there on your behalf in writing, you will also need to appoint a representative separately from the DPO. In reality, if you are outside the EU, your representative will act as your liaison between your DPO and data subjects and regulators in the EU.
To appoint an Article 27 Representative to help your business thrive after the GDPR implementations, it is important to source out a natural person who understands the basics of privacy, your data services and comes with a experienced set of very good communication skills so that you can rely on them communicating effectively with the authorities and data subjects.
Flor McCarthy is one of Ireland’s leading lawyers and a recognised expert in marketing. He has particular expertise and hands-on practical experience in privacy, data protection and GDPR issues for marketers. He is certified by the Law Society of Ireland in Data Protection Practice and lectures lawyers on data protection practice and compliance. He is managing partner of a multi award winning niche legal practice. He has been in private practice for over 20 years and has been elected by his peers to sit on the exclusive Council of the Law Society of Ireland, the governing body for Irish lawyers.
If you process data on EU data subjects and appreciate that compliance with the GDPR is essential for risk management, data-security and customer-confidence in your international business and you feel that you are a good fit for our services please click the button below to schedule a free call with us today.
During the call we’ll answer any questions you may have and we’ll go through our service in full detail so that you have a complete understanding of our solution and how it can benefit your business. We look forward to speaking with you.