The representative is assigned by the company’s executive/s or its leading data processor, to act as contact person, especially for inspecting authorities, answering all inquiries on his/her behalf that may arise concerning the compliance with the data protection regulations. Thus, the representative is an appointed agent for receiving legal documents and a spokesperson for inquiries by authorities as well as individuals from the EU.
Whom can I appoint as my EC-Representative?
The appointed representative must be a resident in one of the EU member countries, in which the data processing occurs. He/she must be a natural person or legal body, who is appointed in writing by a supervisor or processor according to Article 27. A legal body is a natural, juristic or other person, who has rights and is bound to responsibilities. The representative does not necessarily have to be a lawyer or data protection professional.
However, as the representative is obligated to communicate with authorities as well as affected individuals regarding a multitude of legal questions, it is highly advisable that the representative knows all GDPR guidelines very well. Additionally, the EC-Representative should have a sound understanding of all data processes within your company – what and how your company uses data. Ideally the EC-Representative has relevant experience in dealing with authorities in the areas of regulation and compliance. The EC Representative provided by Data Business Services is a specialized data privacy lawyer located in Germany.
How to appoint a representative?
The representative needs to be assigned in writing. The mandate should include the actual functions and duties of the representative. At this point, the respective authority does not need to be informed about the appointment. However, you must mention the representative in your information for the affected individuals (normally your company’s privacy notice) as well as in the report of your data processes.
What happens, if I fail to appoint a representative?
Ignoring the regulation can result in fines of up to € 10 million.
What can Data Business Services do for me?
Data Business Service assumes the representation according to Art 27 EU-GDPR for companies that are not based in the EU, especially those from the United States and the Asian Pacific region.