EU Representative
Do you have your company headquarters outside the EU? THALES provides the EU representative for you in accordance with Art. 27 of the EU General Data Protection Regulation.
The General Data Protection Regulation (GDPR) does not end at national borders. Those who have customers in the EU but their company headquarters outside the EU (e.g. Switzerland, UK, USA, India, China, Russia, etc.) often also have to comply with the provisions of the GDPR. Companies that do not have their registered office within the EU can also be sanctioned with heavy fines!
Representative according to Art. 27 DSGVO
If you offer goods or services to persons who are in the EU but do not have their own establishment there, you are obliged under Art. 27 GDPR to appoint an EU representative (Vertreter nach Art. 27 / Repräsentant / representative). This representative must be based in the EU. There are only a few exceptions to this obligation. This would be the case, for example, if your processing of personal data was only sporadic. However, this is hardly conceivable for companies.
Companies that are required to provide a representative under Art. 27 must first commission and then appoint one. The representative must have his own registered office within the EU and acts as a contact point for the European supervisory authorities. He is the representative and authorised representative for the receipt of legal documents (see, among others, § 44 BDSG).
Your EU representative according to DSGVO
The representative must be authorised in writing. The power of attorney shall contain a list of all relevant tasks of the representative. The representative must be explicitly named, usually this is done in the privacy statement. Furthermore, in the records of the processing activities according to Art. 30 GDPR.
The representative should also be able to communicate professionally and in a goal-oriented manner with authorities and administrations within the EU. He or she should be familiar with European data protection law and be able to advise you on all matters relating to the requirements of the GDPR. Just like THALES Attorneys at Law.
Is your business affected - talk to us
At Thales Lawyers, we have prepared a short audit that quickly clarifies whether you are obliged to appoint a professional EU representative. With a short enquiry via our Contact form we will contact you immediately.
We are happy to take over your EU representation and representation according to Article 27 of the GDPR. In addition, we will also be happy to support you in implementing the GDPR requirements in your company.
Addendum EU data protection:
Consequences of non-observance
Data protection infringements at EU level are subject to fines. Article 83 of the GDPR provides for fines of up to €20 million or, optionally, up to 4 % of annual worldwide turnover. The dimension of possible fines depends on various criteria, whereby the annual turnover is used as a basis. In Germany, the Data Protection Conference (Datenschutzkonferenz - DSK) has already Concept for the imposition of fines which the German supervisory authorities use as a guideline when imposing fines.