EU representative required under the GDPR
Does my company need an EU representative?
If your company has no offices, branches or other establishments in the EU, yet conducts business with European clients you have to appoint an EU representative. Specifically, under the GDPR, you must appoint an EU representative if you process personal data in the following contexts:
- the offering of goods or services to individuals in the EU (irrespective of whether they are free of charge), or
- the monitoring of behaviour of individuals in the EU (as far as their behaviour takes place within the EU).
This obligation applies to both, controllers and processors.
What will an EU representative do for me?
An EU representative is the point of contact for EU data subjects and data protection supervisory authorities. The representative acts on behalf of a controller or processor with regard to their obligations under the GDPR.
The EU representative also maintains your records of processing activities (ROPA) and makes these records available to the supervisory authorities upon their request.
How do I choose the best EU representative?
EU representatives may be external service providers, either individuals or organizations, such as law firms, consultancies, private companies etc. They must be based in one of the countries where your customers or monitored data subjects are located.
The GDPR does not specify the minimum qualifications an EU representative must hold. However, it is strongly advisable to appoint a representative that has a broad understanding of legal and technical data protection issues enabling them to communicate effectively with the supervisory authorities.
Furthermore, as a contact point between the company and data subjects or authorities, a representative should be able to speak the relevant local language if required.
4 good reasons why you should choose activeMind.legal as your EU representative
We are a well-established law firm with offices in Berlin and Munich. Our lawyers and experts have many years of experience and a range of data protection and data security certifications.
We have considerable experience of dealing with supervisory authorities in the EU, as well as with data subjects. We also regularly help our clients to create and maintain their record of processing activities.
Our international team speaks 10+ European languages and has comprehensive knowledge of the data protection laws of many EU countries.
If required, we can help you with all your queries about EU data protection law and support you in setting up a data protection management system (DPMS).