Do EU representatives just respond to individual inquiries and access requests?
Do EU representatives just respond to individual inquiries and access requests independently or do they simply forward those inquiries to the business and share the response for the individual?
Well I think it’s important that they wouldn’t do anything independently and they would be ultimately acting on behalf of the data controller or the data processor in responding to the request. The first thing that they will do, as a matter of practice, is to relay the request or communication that has been received from the data subject to the controller or processor. And if, for instance, that is an Access Request or an exercise of a GDPR subject right, then the receipt by the representative of the request will then trigger the time limits under the GDPR for compliance. With the Access Request for example, it will be normally a month. It may well be that the representative would be communicating back and forth with whoever has initiated the subject access requests or alternatively, there’s nothing to prevent the controller becoming involved directly if that is more convenient or preferable for both parties so it’s really down to whatever suits best for everybody concerned, once the actual request that has been made is being fulfilled within the time limits and in accordance with the GDPR.