Under EU GDPR, you may now be required to appoint an EU Rep if:
- YOUR COMPANY IS BASED IN THE UK
- YOU SELL GOODS OR SERVICES TO PERSONS IN THE EU OR MONITOR PERSONS’ BEHAVIOUR WITHIN THE EU
- YOU DO NOT HAVE ANY OFFICE OR BRANCH IN THE EU
Privacy Minders EU provides Representative Services to clients who must comply with EU GDPR and their obligation to appoint an EU Representative.
Complete the form below to receive a SPECIAL INTRODUCTORY OFFER for choosing either our EU Representative Services or EU Representative Services or both, and receive a FREE EVALUATION of whether your company must appoint an EU Representative, an EU Representative, or both.
Why choose Privacy Minders?
In Privacy Minders we pride ourselves as experts in GDPR compliance services and we make sure that the quality of the services provided to our clients shows this expertise.
We evaluate our services and processes to maintain efficiencies and add value wherever possible.
Our very good knowledge of GDPR and data protection, including data subjects’ rights and supervisory authorities’ powers allow us to undertake the EU Representative role and to facilitate any informational or other procedural communication between your company and the data subjects as well as the supervisory authorities.
Our quotes are very competitive, and we strike for keeping them at a low level. Our prices start from €400/year and you get a full range of EU Representative services.
Which services does Privacy Minders provide as EU Representative?
Privacy Minders, as EU Representative, supports the non-EU company to comply with the obligation under Art 27 of the GDPR. Our services include:
Company’s representation in all Member States
Direct contact in the EU to the Supervisory Authorities and individuals
EU postal address and dedicated email address for requests from individuals
Being company’s authorized agent to receive legal documents
Retaining a record of Company’s processing activities
Certificate proving our appointment as the company’s EU Representative
Giving you permission to use the certificate and our logo on your website and privacy notice
Under Article 27 of the GDPR, companies not established in the EU must appoint a representative in an EU member state, if the company sells goods or services to persons in the EU or monitors the behaviour of individuals in the EU. Following Brexit, companies in the UK will be subject to the same requirements, as they will no longer be established in the EU.
Τhe EU Representative acts as the liaison between your company and the individuals as well as the supervisory authorities, on all issues related to data processing, for the purposes of ensuring compliance with GDPR.
The EU Representative’s contact details should be easily accessible to supervisory authorities, for example, by publishing it on your website and should also be provided to data subjects, for example, in your privacy notice.
The Data Subjects and the Supervisory Authorities can contact the EU Representative in addition to or instead of the non-EU company on all issues related to data processing. The EU-Representative has to maintain records of processing activities for the non-EU company.
Companies outside of the EU need to demonstrate an intention to establish commercial relations with EU customers. According to the Guidelines 3/2018
on the territorial scope of the GDPR, the mere accessibility of the website in the EU, of an email address or of other contact details, or the use of a language generally used in the third country where the non-EU company is established, is insufficient to manifest the intention to offer goods and services to EU customers.
In order to assess if goods and services are offered to EU customers, the following factors should be taken into account:
- using languages of EU Member States
- offering payments in a currency of an EU Member State
- having marketing activities directed to EU customers
- mentioning of customers or users who are in the EU
- referring to addresses or phone numbers to be reached from an EU Member States
- using EU domains
- offering goods’ delivery in EU Member States
The EU Representative should be based in one of the Member States where the non-EU companies offer goods or services to Data Subjects, or monitor their behavior. The EU Representative can represent the company in all other Member States and his/her location does not determine the Lead Supervisory Authority.
Yes. Every separate company must appoint an EU Representative. Privacy Minders offers special options to manage the representation of the affiliates by choosing one of our group packages (small-, medium- or large-sized). The number of affiliates determines which group package fits the group of companies.
Companies outside of the EU do not have to appoint an EU Representative
when all the three following conditions are fulfilled cumulatively:
- data processing is occasional, and
- data processing does not include large-scale processing of special categories of personal data, or personal data related to criminal convictions and offences, and
- data processing is unlikely to result in a risk to the rights and freedoms of natural persons.
Please note that it is highly unlikely for a non-EU company to fulfill all the above conditions and thus to be exempt from the obligation to appoint an EU Representative.
The GDPR applies to companies outside of the EU regarding the obligation to appoint EU Representative under the conditions provided in article 27 of the GDPR. Fines of up to €10 million or 2% of the worldwide annual turnover may be enforced by Data Protection Authorities or Data Subjects claims submitted to the Authorities.