EU Representative
GDPR

FAQ

 

Who must appoint an EU representative under the GDPR?

According to Art. 27(1) GDPR, companies need an EU representative if they offer goods or services to individuals in the EU or observe the behaviour of these individuals and do not have a branch in the EU, but are based in a so-called 'third country' (e.g., USA, China, India, etc.).

 

What are the tasks of the EU representative under the GDPR?

EU representatives act as an additional point of contact for supervisory authorities and data subjects within the EU. They receive correspondence from authorities and coordinate between authorities and companies.

 

What is the difference between a data protection officer and an EU representative?

The EU representative has only very limited tasks compared to the data protection officer. Nevertheless, companies should only appoint entities as EU representatives that have comprehensive knowledge of data protection law in order to be able to accurately classify inquiries and communicate with authorities accordingly.

 

Do companies have to appoint an EU representative in every EU country?

No, appointing an EU representative in one EU country is sufficient.

 

What are the consequences if a company does not appoint an EU representative even though it is obliged to do so?

Failure to appoint an EU representative can result in fines of up to EUR 10 million or 2% of global annual turnover.

In addition, the violation usually gives the data protection authority reason to conduct a comprehensive audit of the company's data protection compliance, which usually leads to the discovery of further data protection violations. In practice, therefore, failure to appoint an EU representative has numerous adverse consequences. Companies can significantly reduce  this risk by appointing an EU representative.