The European Data Protection Board (EDPB) provided very welcome guidance on the role of the Article 27 GDPR Representative following its Fourth Plenary Session.
The EDPB is the body established by the GDPR to guide and supervise data protection across the EU. The EDPB is made up of representatives from the supervisory authorities of all EU member states and replaces the body known as the Article 29 Working Party.
The EDPB has held a number of plenary sessions since its establishment, the fourth was held on 16th November 2018 in Brussels. You can see more details here.
Following this plenary session the EDPB published guidelines the territorial scope of the GDPR and, in this context provided very useful clarification on the nature of and requirement for the data protection representative role in the EU for GDPR purposes pursuant to Article 27.
This clarification is very welcome for non-EU based data controllers in particular in helping them to understand how the GDPR applies to them internationally and what they need to do in order to comply with the requirement for representation contained in Article 27 of the GDPR.
We will be considering these guidelines in details and providing further analysis here in due course. Meanwhile, the EDPB’s guidelines on territorial scope and GDPR Article 27 representation can be accessed here and you can download a copy here.