Appointing a Data Representative for Non-European Businesses under GDPR

Who and when should designate a Data Representative

If an entity (personal data controller or processor) that has no establishment in the EU is processing the personal data of individuals who are in the EU, and such processing is related to the offering of goods or services (regardless of whether the payment is required) or to the monitoring of their behaviour that takes place within the EU, then such entity should appoint the EU Data Representative.

The exceptions when the designation of the EU Data Representative is not compulsory apply:
  • public bodies,
  • the processing of personal data is occasional, does not include large-scale processing of special categories of personal data, and is unlikely to result in a risk to the rights and freedoms of individuals.

Who can be appointed as EU Data Representative

Any legal or natural person established or residing in one of the EU member states where the individuals whose personal data is processed or whose behaviour is monitored are. The designation must be done in writing. Needles to say, the tasks of the EU Data Representative will have been carried out in a much more efficient way if the designated person is an expert in the field of data protection and privacy.

What are the tasks of EU Data Representative

Basically, the EU Data Representative serves as a point of contact for the data protection supervisory authorities and the individuals in relation to personal data processing and personal data protection, and can be contacted by them, in addition to or instead of, the non-EU entity. It represents the personal data controller or processor regarding their obligations under the GDPR. Consequently, the identity and the contact information of the EU Data Representative should be included in the privacy notices (privacy policy).
The EU Data Representative must maintain records of processing activities on behalf of the non-EU data controller or processor. It must also cooperate with the personal data supervisory authorities in the performance of their tasks, upon request.

What are the sanctions for non-designation of EU Data Representative

10 million Euros or up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.

We are a non-EU business; can you help us be GDPR-compliant?

By all means. Reach us here (contact)

Avtor: Law office JK Group
Objavljeno: 21.11.2023

Oznake: EU Data Representative, gdpr, eu, non-EU entity, company, privacy policy, notice


Vas zanima več?


Na spletni strani uporabljamo piškotke (cookies). Nekateri piškotki zagotovijo, da stran deluje normalno, drugi poskrbijo za vašo lažjo uporabo spletne strani, štetje števila obiskovalcev in delovanje vtičnikov, ki omogočajo deljenje vsebin. Če boste nadaljevali, bomo sklepali, da ste z veseljem sprejeli vse piškotke.
Zavrni piškotke.