The EU Parliament adopted the new General Data Protection Regulation in 2016. After a two-year grace period, it came into force in May 2018. For you as an entrepreneur, this means that you will have to implement the new data protection directives if you want to avoid paying millions in fines. However, the GDPR not only applies to companies located within the European Union. It also applies to companies from third countries that are not located in the EU and meet the following criteria:
If one of these items applies to you, Article 27 of the EU General Data Protection Regulation requires you to appoint a data protection representative. You will find an overview of various service providers on our comparison portal. You can get an initial impression and define relevant selection criteria. You will certainly find your EU data protection representative quickly on our site, so you are in compliance with Article 27.
This part of the GDPR is aimed specifically at companies that do not have a location in Europe but process personal data within the EU. If this applies to you, you are obliged to appoint a data protection representative. It is important that they are a person residing in a member state of the EU where you offer your services or goods.
In practice, this means, for example, the following:
You own an online shop and sell your goods or services worldwide. You also deliver to Spain, France, Germany or Austria. As soon as you process personal data within this scope, you must – pursuant to Article 27 of the GDPR – appoint an EU representative who is a resident in one of these countries.
It may be useful for you to compare service providers. After all, the person you select is the sole contact for all data protection questions that arise.
Attention: Even if you have found an EU representative for your company on our comparison platform in accordance with Article 27, you remain legally responsible for data protection within your company. Ultimately, you assume liability. You do not pass this on to your representative.
In the following circumstances, you are not obliged to appoint a representative for controllers or processors not established in the EU:
If you are sure that these items do not apply to you, you do not have to address Article 27 and compare representatives on our site. In this case, however, we recommend visiting our Tips section. Here you will find many suggestions on various topics relating to data protection.
When comparing providers of EU representatives, pay attention first and foremost to the skills and qualifications of the person. After all, the experts are responsible for fulfilling the legal requirements. They must bear responsibility within the following areas:
It becomes a problem if the GDPR representative of your company is not up to this great responsibility. We therefore recommend that you always choose a person with legal or technical knowledge. This person already has the relevant expertise, which will be of great benefit to you in implementing the data protection guidelines.
Attention: What happens if your representative in the European Union turns out to be unsuitable according to the GDPR? In that case the supervisory authority will treat the situation as if you had not hired a data protection representative in the EU.
As you can see, comparing different Article 27 representatives with each other is very useful in order to legally protect oneself. We always advise against appointing a responsible person too hastily if you have not clarified all the facts.