Data; love it or hate it, has become the new currency. If your business trades in the EU, it is essential that you understand the process of collecting and handling customer/user data in a compliant way. Do you require an EU Representative? Not sure? You are in the right place. With 15 years of experience in the areas of risk and compliance, Gary O’Reilly, the director of SME Comply, sheds light on data handling and EU representation.
What’s an EU Representative?
Not what but who is an EU Representative. Under the EU GDPR, if your business sells (or offers) goods or services to the EU, and/or collects data related to people in the EU (for example cookies) but you do not have a branch in the EU, you must appoint an EU Representative (Article 27 EU GDPR). The EU Representative needs to be established in an EU state where some of the individuals whose personal data you are processing are located. The EU Representative will act as your local point of contact with data subjects and the supervisory authorities in the EU. For example, if a data subject (customer or client) wanted to exercise any of their rights under GDPR, or a supervising authority needed to speak to you about a compliance matter, then they would do so by contacting you EU Representative, who will act as a point of contact. Although the GDPR does not specify the minimum qualifications EU representatives must hold, it is strongly advisable to consider a representative that has a broad understanding of legal and technical data protection issues to be able to communicate with the authorities efficiently. The EU are beginning to come down hard on companies who have not appointed an EU Representative when they should have. In March 2021 the Dutch data protection authority issued a fine of €525,000 to Locatefamily.com for failing to appoint an EU Representative when they should have.
What’s a UK Representative?
When the UK left the EU on the 31 December 2020 it adopted the GDPR and brought it into domestic UK law. It is essentially the same as the EU GDPR, however it is called the UK GDPR, and so companies based outside of the UK offering or selling goods or services to the UK, and/or collects data related to people in the UK (for example cookies) but you do not have a branch in the UK, you must appoint an UK Representative (Article 27 UK GDPR).
I’m still not sure if my business needs an EU representative…
Here is a simple way of determining whether you need an EU or UK Rep (courtesy of SME Comply)
My business needs a Representative, can I instruct via LegalDrop?
Of course! As an SME, you will want to appoint someone who can talk jargon-less legal and business. You’re in luck! Here at SME Comply, we offer textbook knowledge, an MBA as well as 15 years of experience. Get going now with a pre-existing EU Representative service or book a free 15-minutes consultation to discuss the details. A compliant business is a thriving business!
contributed by Gary O’Reilly, SME Comply