With Brexit and the interim period coming to an end, the UK is no longer part of the EU. This changes a lot. But not all of these changes are apparent at first glance - those concerning data privacy protection, for example.
Even though the UK is no longer part of the EU, many of its companies still import or export goods and services and still have to abide by the GDPR's rules when dealing with EU-citizens.
Now, different measures have to be taken. Most companies would need a representative within the EU when processing personal data of EU-citizens. We explain when you need a representative, what they do and how you get one.
When do I need a representative?
The GDPR specifies clearly when companies or processors of other kinds need a representative in the EU.
You need a representative if you or your company are based outside of the EU...
...but you offer goods or services to EU-citizens or monitor their behaviour in the EU and process personal data while doing that. So, according to the GDPR, it does not matter where you are based but where you do business.
You don't need a representative when...
- ...you process personal data only occasionally.
- ...you don't process special categories of personal data on a large scale.
- ...you don't process data relating to criminal convictions and offences.
- ...your processing is unlikely to result in a risk to the rights and freedoms of natural persons.
- ...you are a public authority or body.
As the name suggests, a representative represents you in the EU.
The representative works as your spokesperson and answers any requests from supervisory authorities in the EU and negotiates. The idea is for the authority to obtain information about the data processing of EU-citizens more easily.
As with supervisory authorities, the representative is the person in the EU affected people can address when enquiring information or filing complaints.
The actual tasks the representative performs are specified in the mandate they receive from you.
There aren't many regulations concerning who can be a representative. But it makes sense for you to pick someone with an extensive knowledge of the DGPR. That also makes it easier for authorities and affected people.
Who can be a representative?
The representative can be any EU-based natural person or legal entity.
The representative is appointed via a written mandate issued by you.
We, the Sachverständigenbüro Mülot GmbH, have been supporting companies and organisation in all matters of data privacy protection and data security for many years. To us, it is essential to find individual solutions that fit our customers and their particular needs.
Profit from our extensive know-how and our pragmatic approach!Based in Germany, we work as data protection officer in various companies, consult and offer workshops and trainings of our own and renowned institutions alike.
Your competent partner in all matters of data privacy!