Any organisation processing EU residence data must have a presence inside the EEA. In many cases this will be an existing establishment, such as a branch, representative office or other unincorporated presence — which most companies try to avoid for tax reasons. If there is no permanent presence, the EU law (Art 27 GDPR mandates that the Data Controller or Data Processor “designate in writing a representative in the Union”.)
Failure to do so can incur penalties of up to 10M EUR or 2% of global turnover which ever is greater.
The EU Representative must be located in a Member State where some of the data subjects are. Ireland is an ideal location for EU Representatives with its common law system and huge network or high tech businesses based here.
In addition to complying with the GDPR regulation, the EU representative can also act as the eyes and ears for your business on the ground in the EU when it comes to monitoring the latest GDPR compliance developments. The new EU regulation will evolve quickly in the coming months and years. It’s important that your business is aware of evolutions in case law with respect to GDPR. The other value that this appointment can create for your business is the enhanced trust in the eyes of your customers, prospects and partners.
Contact us now to discuss your options for an EU Representative.
- Convention 108: What and who?As we have written about elsewhere on this site, Convention 108 was the first enforceable Data Protection transnational legislation globally. As the Council of Europe (CoE) describes it “This Convention is the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks ...
- Where can my personal data go? GDPR & GeographyMuch has been written about the Brussels effect and how the EU is a regulatory superpower. This article is about a different aspect of European Data Protection law and geography: it is about in which countries European’s personal data can lawfully be processed by default. Introduction Once data has been collected in our globalised world, there is ...
- Brexit & International Data TransfersInternational data transfers from the EU EU data protection law has evolved to provides common standards for data protection across Member States. With that evolution the EU now expect “adequacy” of data protection laws from third countries which are outside the EEA. This expectation was codified in the Data Protection Directive (1995) which prohibited the transfer of ...
- European Data Protection and Data Privacy lawWithout doubt Europe is driving the emergence of Data Protection laws across the globe. This tends to be framed as a result of the introduction of GDPR. However as we have noted previously because of the two supranational legal orders in Europe, today there are two subtlety different laws governing data protection as well as data ...
- European supranational legal ordersThe mess of acronyms which denote various European organisations can be overwhelming. None more so that the legal orders and courts involved in European Data Protection. In this article we explain the origins and purposes of the two main courts CJEU and ECtHR. The big European institutions We discuss the two major European institutions: the European Union ...
- Splinternet: The three global approaches to user data.How personally identifiable data is used is becoming one of the biggest divisions between the USA, EU and China. The three global economic power houses are each pushing their own agenda when it comes to user data. Ever since DARPA developed ARPANet in the 1960s the USA has set the rules and norms for the ...