Consequences of Ignoring GDPR
If you ignore the mandatory requirement to appoint a GDPR Representative, you run a serious risk of:
Incurring substantial financial penalties (up to 2% of your global turnover).
Reputational damage to your brand.
Aggrieved data subjects taking civil proceedings in the EEA / EU member state seeking compensation for a data breach.
Loss of market share to competitors in the EU marketplace.
A Working Example
A non-EEA organisation does not have offices in the EEA but has a regular client base from the EEA. The organisation must appoint a European representative to act as its direct contact for its clients (the data subjects) and European supervisory authorities. This European representative may be based in Ireland or any other EEA state.
When is an EU Representative Not Required:
You do not need to appoint a European Representative if either:
You are a public authority; or
Your processing is only occasional, of low risk to the data protection rights of individuals, and does not involve the large-scale use of special category or criminal offence data.
GDPR - Implications Beyond EU Borders:
GDPR applies to organisations which are not established within the EU but do process personal data of EU data subjects (Art. 3(2)).
GDPR can apply to organisations with no business presence in the European Economic Area (including the EU) (“EEA”) if they:
Offer goods or services to data subjects in the EEA (irrespective of whether payment is required of the data subjects), or
Monitor the behaviour of data subjects in the EEA.
Organisations with no presence in the EU that use information of EU data subjects, be they customers or staff members, are subject to EU data protection regulations and are required to have official EU representation (Art. 27).
Working With EU Regulators
Whoever provides your EU representation must be designated in writing. It is this party that EU regulators (supervisory authorities) will seek to contact on all data protection matters. The GDPR Representative's job is to demonstrate to EU regulators that your organisation is compliant with the GDPR.