With the implementation of the GDPR, many, recurring questions have come to rise and the answers still leave many of us confused. Who really needs Article 27 Representation? And Who doesn’t? Why is that?
Who requires Article 27 GDPR Representation?
The GDPR very clearly states that the Regulation applies to the personal data of people who are in the EU, even when being processed by anyone not established in the EU. The processing activities are related to either (a) the offering of goods or services to people in the EU, irrespective of whether a payment is required, or (b) the monitoring of their behavior.
To break it down, If your (non-EU) business is offering goods or services to people in the EU or you’re monitoring the behavior of individuals in the EU (note that this includes online behavior) the GDPR applies to you and you must designate an Article 27 Representative to avoid penalties and other repercussions that come with non-compliance.
Are there any exceptions?
There is an exemption when it comes to Occasional Processing (Infrequent/Irregular business/procedure/contact with the subject, in specific cases)
In order for this exemption to apply, the following points must apply to you:
- Your processing must be occasional only. It must not include processing of special categories of data or personal data relating to criminal convictions on a large scale and must be unlikely to result in a risk to the rights and freedoms of natural persons.
- If it does not include processing of special categories of data or personal data relating to criminal convictions and offenses on a large scale.
- If it is unlikely to result in a risk to the rights and freedoms of natural persons, it does not require the appointment of a representative.
The requirement of appointing a GDPR Representative applies to all private businesses outside of the EU who are processing data on people in the EU other than on an occasional basis.
If you regularly do business with people in the EU and hold data in relation to prospects or customers located in the EU, you must respect the rights of the people whose data you hold.
Appointing an Article 27 Representative is easy and can be done in a matter of minutes.
Not only do we provide Representation, but we aim to educate you in compliance which in turn rewards you with peace of mind and confidence to move forward and expand your business, profitably, effectively and optimistically.
Find out more HERE.