Do you have a need to appoint an EU GDPR Representative according to Art. 27 (GDPR?
The GDPR Compliance Consultancy can act as your single point of contact for in the EU and EEA. Once we are appointed, you have complied with Art. 27 GDPR, which is an important legal requirement. We can answer enquires from customers, suppliers and regulatory authorities alike.
The GDPR CC EU Representative Program provides a simple, professional, cost-effective way of satisfying the requirements of Article 27 of the EU General Data Protection Regulation (GDPR).
The EU GDPR requires organisations that are regulated by the GDPR must be represented in the EU/EEA. If there is no physical presence in the EU/EEA, then a the business can appoint a body to represent their data protection interests in Europe. Therefore, this compliance means that they can respond to the inquiries of European regulatory agencies, as they arise.
Why appoint the GDPR CC as your company’s official EU representative for data protection? By doing so, you can be assured that your organisation has complied to article 27 of the regulation. This is an important step towards achieveing GDPR compliance. We can then respond to the local regulatory body or bodies in a reliable, professional manner to any European privacy inquiries. This will not be affected by the United Kingdom leaving the European Union on 31st January 2020.
Article 27 of the GDPR is below:
Representatives of controllers or processors not established in the Union
- Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.
- The obligation laid down in paragraph 1 of this Article shall not apply to:
- processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
- a public authority or body.
- The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.
- The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
- The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.