• Facebook Social Icon
  • LinkedIn Social Icon
  • Twitter Social Icon

UK: 44(0) 207 1755 882

US: 803 348 0000

 

© 2019 The Trust Bridge

Nominated European Representative Service

Through our partnership with XpertDPO, based in Ireland, we can offer a Nominated European Representative Service (a legal requirement under GDPR Article 27). 

 

Whilst the GDPR is a European regulation, many organisations outside of Europe will be unaware that they are required to appoint a Nominated European Representative under certain conditions.

Furthermore, the requirement to appoint a European Representative is not new.

Some organisations outside the EU were subject to a similar requirement prior to 25th May 2018.

The GDPR applies to Data Controllers AND Data Processors that process personal data of individuals in the EU, regardless of where the organisation is established in the world.  Personal Data under the GDPR has a much wider scope than PII as used in the United States.

Those organisations that are not established inside the EU are required to appoint a representative who is established in the EU for purposes of GDPR compliance.

A Data Protection Impact Assessment (DPIA) describes a process designed to identify risks arising out of the processing of personal data and to mitigate these risks as far and as early as possible.

Article 27 of the GDPR states that a Controller or Processor who is not established in the EU and offers goods or services to data subjects in the EU or monitors the behaviour of Data Subjects occurring within the EU must appoint, in writing, a representative within the EU

We can deliver these services in all European languages and our service is backed up with experienced and qualified data protection expert

The Trust Bridge working with XpertDPO

Why do you need an EU representative office?

 

If your business is offering Goods and Services to the EU

there is a requirement for EU Representation

 

This applies to ALL organisations

This is a requirement under new laws.

 

Did you know that, if your organisation is based outside Europe, including British organisations post Brexit, under the new GDPR, your organisation must appoint a “Nominated European Representative” (NER)? 

 

You are not alone.  Many organisations are unaware of this requirement.  And that includes those based in North America.

 

The long arm of GDPR requires that both Data Controllers and Data Processors who are not established in the EU and who offer goods or services to data subjects in the EU,  or who monitor the behaviour of Data Subjects occurring within the EU must appoint, in writing, a representative within the EU.

 

This “representative” can be “a natural or legal person established in the EU, designated by the controller or processor”.

 

What does the EU representative do?

Frankly, this is a largely compliance issue, and the EU representative is not operational in your business, but, as the name suggests, represents your organisation in a number of ways:

  • The Nominated European Representative (NER) represents the non-EU based company with respect to obligations under the GDPR, maintaining records of processing* activities for the non-EU based company, with input from your organisation.   And they are there to receive inquiries and complaints!

  • Should the need arise, the Nominated European Representative shall co-operate with the supervisory/ regulatory authority on behalf of your organisation

  • The NER acts more like a local mailbox. The data protection authorities can contact them and sanction the organisation more easily and with fewer jurisdictional complications by liaising with the NER.

  • Once you have identified and appointed an NER,  they must be identified in your privacy notices so that they can be contacted on your behalf.

 

You will need to be GDPR Ready!