What is a GDPR Representative and What Do They Do?
NOVEMBER 26, 2018
Article 27 of the General Data Protection Regulation (GDPR) requires that any business not based in the EU that holds data on anyone in the EU, must appoint a representative in the EU for GDPR purposes.
Therefore, if you are a business that does not have a physical presence in the EU, but you hold data on anyone in the EU, e.g. you have customers or prospects for your business in the EU, you must appoint a GDPR representative in the EU for your business.
What does the GDPR Representative do?
The GDPR Representative’s role is to act as point of contact in the EU for your business for any people in the EU on behalf of whom you hold data (called data subjects) and for data protection regulators in the EU. The idea being that EU based data subjects are entitled to have their data protection affairs handled in the EU via parties that are amenable to EU law.
Your representative will be the person whom data subjects will contact if they wish to exercise their rights pursuant to the GDPR. Your representative will also be the first person the regulators will contact if they receive a complaint from someone in relation to your business. Similarly, if you encounter a data protection issue in your business, say for instance you experience a data breach that needs to be notified to the regulator, your local representative is the person to make this notification on your behalf.
If I have appointed a Data Protection Officer do I still have to appoint a Representative?
A GDPR Representative for the purposes of Article 27 is different from a Data Protection Officer (DPO) and the two roles are distinct. If you are required to appoint a DPO for your business and you have done so, this may not fulfil your obligations pursuant to Article 27. Unless your DPO is also based in the EU and designated as your representative there on your behalf in writing, you will also need to appoint a representative separately from the DPO. In reality, if you are outside the EU, your representative will act as your liaison between your DPO and data subjects and regulators in the EU.
Flor McCarthy is one of Ireland’s leading lawyers and a recognised expert in marketing. He has particular expertise and hands-on practical experience in privacy, data protection and GDPR issues for marketers. He is certified by the Law Society of Ireland in Data Protection Practice and lectures lawyers on data protection practice and compliance. He is managing partner of a multi award winning niche legal practice. He has been in private practice for over 20 years and has been elected by his peers to sit on the exclusive Council of the Law Society of Ireland, the governing body for Irish lawyers.
If you process data on EU data subjects and appreciate that compliance with the GDPR is essential for risk management, data-security and customer-confidence in your international business and you feel that you are a good fit for our services please click the button below to schedule a free call with us today.
During the call we’ll answer any questions you may have and we’ll go through our service in full detail so that you have a complete understanding of our solution and how it can benefit your business. We look forward to speaking with you.