Appointing Your GDPR Article 27 Representative in the EU
One of the lesser known but vitally important obligations that non-EU-based organizations face under the EU General Data Protection Regulation (GDPR) is found in Article 27, which is aptly titled ‘Representatives of controllers or processors not established in the Union.’
The GDPR applies to processing of personal data (i.e. data in any way relating to individuals) by organisations that are established outside of the EU, relating to the offer of goods or services to (whether for payment or not) or monitors the behaviour of, any persons situated in the EU. It also applies to any processing of personal data where that processing is governed by any EU Member State’s law, such as where the governing law of a contract is the law of an EU Member State.
In the above scenarios, that non-EU based organisation must formally appoint a Representative in the European Union to represent them on data protection matters.
That Representative should be proficient in EU data protection laws, as they are your Representative for all data protection matters arising in the EU. There are a whole host of obligations arising out of the extra-territorial provisions of the GDPR.
For details onthe cost-effective assistance we can offer you, please contact
David Fagan on +353 1 636 3165 or david.fagan@bizlegal.eu