Audit of the company in terms of being subject to the obligation to have an EU/UK Representative
Is this service right for me?
I run a blog whose newsletter is subscribed to by people from EU and the UK
My company starts selling to UK and EU customers
Company audit - in terms of the obligation to have an EU/UK Representative
AUDIT - EU/UK REPRESENTATIVE
This service is suitable for:
When preparing an audit for your company, we will ask you for information on the quantity and type of personal data that you collect from natural persons from EU and UK as part of your business.
We will then determine whether you are required to appoint a representative in the EU/UK.
We will describe all this for you in the “Post-Audit Report”, which, in the event of an exemption from the obligation, you will be able to use as a prove of this.
The obligation to appoint a Representative in the EU or UK applies not only to those businesses that sell their products or services and are not based in a given area, but also to those companies that process data of people without conducting any sales – a good example here is the BLOG which has international range.
Who does the obligation apply to?
According to Art. 27 GDPR / UK GDPR, this obligation applies to most companies that are not based in the EU / UK and process personal data in connection with monitoring behaviour or in connection with offering goods or services directly to data subjects – in the EU / UK .
It does not matter whether the company charges for such goods or services or not.
Companies may be exempt from the obligation under Art. 27 if their processing is:
- does not include large-scale processing of special categories of data (such as personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, etc.)
- and is unlikely to result in a breach of privacy.
Companies should prove their exemption from the obligation to appoint an EU/UK Representative, e.g. through a post-audit document.
What is the role of the REPRESENTATIVE in accordance with Art. 27 GDPR/UK GDPR?
The Appointed Representative has a mostly passive role: he will be indicated in the privacy notice of the non-EU/UK company in accordance with art. 13.1 (a) and 14.1 (a) – as a contact person – instead of a non-EU/UK company – in particular in relation to communication with supervisory authorities and data subjects in matters related to data processing in order to ensure compliance with the regulations [within the scope of obligations under the GDPR/ UK GDPR in accordance with Art. 4 (17)].
Within the scope of active duties:
The representative keeps records of processing activities for a company outside the EU/UK (which is obliged to prepare and provide such documentation in accordance with Article 30).
The representative will also “cooperate” with the supervisory authority in accordance with Art. 31.
Who can companies appoint as REPRESENTATIVE?
Companies can designate either a natural person or another company. The representative may reside or be based anywhere in the EU/UK where the relevant data subjects reside. The same person or company may act as a Representative pursuant to Art. 27 and the Data Protection Officer in accordance with art. 37-39.
How to appoint?
Companies can appoint a representative by means of an informal letter, which does not have to contain more than one sentence.
Article 27 par. 1 only requires that the designation be ‘in writing’.
If the company appoints an individual or unrelated organisation, it should also enter into a separate service agreement to clarify obligations, remuneration, the right to terminate the contract and other terms and conditions.
Penalty for no EU/UK REPRESENTATIVE?
A business entity/organisation that, despite being subject to the obligation, does not appoint its representative in the EU or UK – may be subject to an administrative penalty:
up to 10 million EUR or 2% of the annual turnover – in the EU; or up to 8.7 million GBP or 2% of the value of annual turnover – in the UK.
EU / UK Representative
Make an appointment for a free consultation
Go to the calendar, which will show you available dates.
Choose a day and time that suits you.
1 hour before the selected date of the online meeting - we will send you an email - a link to the meeting room.
See you soonFree online meeting