Slider Prev
Back

Mateusz Heinrich

attorney at law, managing partner

Appointment of representative in European Union under GDPR

This article explains the requirement for appointing Representative in European Union under GDPR by non-EU companies that are impacted by the new Regulation.

Appointment of representative in European Union under GDPR

Non-EU entities ( both Controllers and Processors) which fall under the GDPR, must appoint a representative in the EU.

For Controllers offering goods or services to EU data subjects a GDPRs representative acts as a point of contact for said EU data subjects and als DPAs (Data Protection Authorities). 

So, if your business is not established in the EU but offers goods or services to EU data subjects, you will have to comply with the GDPR.

What exactly does GDPR say regarding the role of Representative? GDPR states that:

  • A controller established outside the EU must appoint a representative in one of the Member States in which the controller offers goods or services or monitors EU residents, unless the processing is occasional, small-scale and does not involve Sensitive Personal Data.
  • The appointment of the representative is without prejudice to legal actions which could be initiated against the controller.
  • The representative must be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by DPAs and  data subjects, on all issues related to data protection.
  • A representative may be subject to enforcement actions by DPAs in the event of non-compliance by the controller.

For noncompliance with the reqiurement of appointing Representative under the GDPR, DPAs can impose fines of up to €20 million or 4% of a group’s total annual worldwide turnover, whichever is higher.

In practice you’ll have to publish the contact information of your EU representative alongside your own contact information on your website and with your terms of service.

Why GDPR Representative in Poland?

If you target the entire EU (including Poland) then you should be able to select the country where you base your representative, but if one of the languages in which you operate your website is a Polish language and you target your services toward Poland along with other EU countries – it’s recommended to locate your representative in Poland.

Heinrich Kaczanowski Law Office offers comprehensive GDPR Representative services, including day-to-day legal assistance in all aspects of Client’s privacy related operations that will provide you an EU presence and point of contact for your business.

If you’re interested in appointing GDPR Representative in Poland or have any additional questions please contact us via e-mail: heinrich@kancelaria-hk.pl