Nominated European Representative Service
Through our partnership with XpertDPO, based in Ireland, we can offer a Nominated European Representative Service (a legal requirement under GDPR Article 27).
Whilst the GDPR is a European regulation, many organisations outside of Europe will be unaware that they are required to appoint a Nominated European Representative under certain conditions.
Furthermore, the requirement to appoint a European Representative is not new.
Some organisations outside the EU were subject to a similar requirement prior to 25th May 2018.
The GDPR applies to Data Controllers AND Data Processors that process personal data of individuals in the EU, regardless of where the organisation is established in the world. Personal Data under the GDPR has a much wider scope than PII as used in the United States.
Those organisations that are not established inside the EU are required to appoint a representative who is established in the EU for purposes of GDPR compliance.
A Data Protection Impact Assessment (DPIA) describes a process designed to identify risks arising out of the processing of personal data and to mitigate these risks as far and as early as possible.
Article 27 of the GDPR states that a Controller or Processor who is not established in the EU and offers goods or services to data subjects in the EU or monitors the behaviour of Data Subjects occurring within the EU must appoint, in writing, a representative within the EU
We can deliver these services in all European languages and our service is backed up with experienced and qualified data protection expert
The Trust Bridge working with XpertDPO
Why do you need an EU representative office?
If your business is offering Goods and Services to the EU
there is a requirement for EU Representation
This applies to ALL organisations
This is a requirement under new laws.
Did you know that, if your organisation is based outside Europe, including British organisations post Brexit, under the new GDPR, your organisation must appoint a “Nominated European Representative” (NER)?
You are not alone. Many organisations are unaware of this requirement. And that includes those based in North America.
The long arm of GDPR requires that both Data Controllers and Data Processors who are not established in the EU and who offer goods or services to data subjects in the EU, or who monitor the behaviour of Data Subjects occurring within the EU must appoint, in writing, a representative within the EU.
This “representative” can be “a natural or legal person established in the EU, designated by the controller or processor”.
What does the EU representative do?
Frankly, this is a largely compliance issue, and the EU representative is not operational in your business, but, as the name suggests, represents your organisation in a number of ways:
The Nominated European Representative (NER) represents the non-EU based company with respect to obligations under the GDPR, maintaining records of processing* activities for the non-EU based company, with input from your organisation. And they are there to receive inquiries and complaints!
Should the need arise, the Nominated European Representative shall co-operate with the supervisory/ regulatory authority on behalf of your organisation
The NER acts more like a local mailbox. The data protection authorities can contact them and sanction the organisation more easily and with fewer jurisdictional complications by liaising with the NER.
Once you have identified and appointed an NER, they must be identified in your privacy notices so that they can be contacted on your behalf.
You will need to be GDPR Ready!