If you do not have an office in the EU/EEA, but still process data from individuals based in the EU/EEA, then you still need to comply with the GDPR regarding your data processing and the GDPR requires you to appoint a representative.
If you do not have an office in the EU/EEA, but still process data from individuals based in the EU/EEA, then you still need to comply with the GDPR regarding your data processing.
As you do not have a base inside the EU/EEA, the GDPR requires you to appoint a representative. This representative needs to be set up in an EU or EEA state where some of the individuals whose personal data you are processing are located.
You need to authorise the representative, in writing, to act on your behalf regarding your GDPR compliance. Be aware that a Data Representative is not a Data Protection Officer (DPO). It is a distinct role with its own responsibilities.
The representative’s role is to ensure that you comply with the GDPR by enabling communication with individuals in Europe and European data protection authorities.
Your representative can be an individual, or a company or organisation, and must be able to represent you regarding your obligations under the GDPR (e.g. a law firm, consultancy or private company).
Lastly, the representative will help you meet your Article 30 requirements (records of processing activities) and provide you with updates relating to the GDPR.
Read more about the record of processing.
You will most likely need to appoint a representative, If you are based outside the EU/EEA and do not have a branch, office or other establishment in any other EU or EEA state, but you either:
Visit our Complaince School and learn about the different GDPR-related terms, including data controller, data processor and data subject, through a series of free video lectures.Watch now
Join our free bi-weekly newsletter focused on news and updates from the legal landscape of data privacy.