Got a question about GDPR or EU Representation?
The following section helps answer many of the questions you may have about appointing an EU Rep. For more information on GDPR and how non-EU companies must comply, contact us and we’ll be delighted to help.
- What happens should you not comply with the law?
The penalties for failure to comply with GDPR are HUGE. There are Administrative Fines of up to €20 million or 4% of global turnover whichever is the highest. In some jurisdictions of the EU, personal criminal liability will attach to persons such as managers, or company directors or other company officers. This can be a personal liability both for criminal fines and for imprisonment, as well as the corporate liability for the administrative fines set out above. Both the Administrative Fines and the personal criminal liability referred to above can be enforced throughout the EU, not just in the country that the Administrative Fine or personal criminal liability is imposed.
- Why comply?
Complying with GDPR shows your customers that your company is accountable and that you take their data protection seriously. Complying with Article 27 of the GDPR creates trust, enhances your company’s reputation and provides security for customer data. It also informs your business partners that your company complies with the EU’s data protection standards and it reduces risks of heavy sanctions that can reach up to €20 million or 4% of global turnover, whichever is highest or indeed personal criminal liability.
- Where is EU Rep based?
We’re based in Ireland. After BREXIT, Ireland will be the only English speaking member of the EU.
- What does your service include?
The Article 27 service provided by EU Rep comprises holding your Article 30 record (as set out by you in the signup process), appointing us as your Article 27 EU Representative, providing you with wording to comply with your transparency obligations under Article 12, 13, and 14 with regard to the notification of EU Rep as your Article 27 Representative, and the execution of a Controller – Processor Agreement in conformity with Article 28.3.
- What extra services do you provide?
The Article 27 service provided by EU Rep consists of the appointment of EU Rep as your EU Representative and all contractual documentation required to make that appointment effective. We will forward all contact from data subjects or supervisory authorities onto you as received, together with general GDPR advice. From time to time however you may require us to issue correspondence on your behalf. Our cost for issuing correspondence on your behalf is €50 per item of correspondence. Should more specific advice be required, we can provide this to you costed on a per item basis according to complexity and anticipated time expediture.
- I am established in North America, USA - What should I do?
If you sell to, or market to EU citizens it is highly likely that you will need to appoint an EU Rep to comply with Article 27 of the GDPR. We can help for a low-cost monthly fee.
- I am established in the EU - Am I exempt?
To be “established” in the EU requires “the effective and real exercise of activity through stable arrangements”, suggesting that a formal base of operations may be required to meet this requirement. If you answered YES – Article 27 does not apply to your business, If No – Article 27 may apply to your business, please continue to the next question.
- Processing of Personal data - Am I exempt?
Article 2 (2)(A) outside the scope of EU law – Is the processing of personal data undertaken in the course of an activity which falls outside the scope of EU law? This exclusion applies to those areas where individual EU Member States retain control, including issues of fundamental rights and national security (Recital 16). Unless you are aware of a specific exemption, it would be best to assume the relevant activities will fall within the scope of EU law. If you answered YES – Article 27 does not apply to your business, If you answered NO – Article 27 may apply to your business, continue to next question.
- Local Authorities - Am I exempt?
Article 27(2)(B) Looks at whether you are a Public Authority: this will include local and central government, as well as most publicly-funded institutions (education, healthcare, judiciary), but may not extend to private education and healthcare, especially where sensitive data (e.g. medical, religion etc) is being processed. It is not clear whether this could be interpreted on a national basis, according to what is defined as a public authority by that country. If you answered YES – Article 27 does not apply to your business, if you answered NO – Article 27 may apply to your business, please continue to next question.
- What are the fees?
Representation here in the EU costs just €19 per month. There is a one-off sign-up fee of €99.
- How would Brexit affect me?
In the event of a no – deal Brexit, or possibly even in the event of a limited deal, you will require to take steps to legitimise the transfer of personal data from the EU. The most likely solution for you will be the use of Standard Contractual Clause (Model Clause) Agreements, and you may also require to put in place Controller – Processor Agreements with your Processors (if you are a Controller) or your Controllers may require to put in place Controller – Processor Agreements with you (if you are a Processor). You will also require your processing to be in conformity with GDPR. We can assist you with this through audits and remediation of your processes and policies (written 28.10.19).
- Why should I choose EU Rep?
We are data protection experts, lawyers and business professionals. We understand exactly what you require.
- What should I do next?
To get started here, simply click on the Appoint your Rep page and fill in the form – it’s that simple!