You are provider of an app that is available in the Apple App Store or Google Play Store? You operate an online shop that also sells to customers in the EU? You are the provider of cloud software that is also accessible to European users?
You or your company are based outside the EU, for example in the US, UK, China, or Switzerland?
Then you will most likely need an EU data protection representative. Contact us for a free individual check and an attractive offer starting at just US$ 79,00 net per month.
Companies that are not based in the EU must also comply with the provisions of the EU General Data Protection Regulation (GDPR). This applies in any case if the company offers goods or services to persons in the EU (e.g., online shops, apps, software). This also applies if the services are free of charge, Art. 3 (2) GDPR.
Companies that are neither based in the EU nor have a branch there require an EU representative, Art. 27 GDPR. This representative must be based in the EU. The representative serves as the company’s point of contact for individuals and supervisory authorities in the EU.
Failure to appoint an EU representative constitutes a serious legal violation. For example, the Dutch Data Protection Authority (AP) imposed a fine of EUR 525,000.00 on a website provider that was not based in the EU but had not appointed an EU representative.
We support you in becoming GDPR-compliant and avoiding fines. In addition, appointing an EU representative builds trust among your customers and gives you a competitive advantage over your competitors.
info@fx-legal.de
+49 89 21 11 22 90
Further information:
US Department of Commerce – International Trade Administration: “Generally, companies that are not established in the European Union but that are subject to the GDPR must designate in writing an EU representative for purposes of GDPR compliance. (…) Fines in case of non-compliance can reach up to four percent of the annual worldwide revenue or €20million euros–whichever is higher.”
Wired.com – Brexit’s latest headache? An extra bundle of GDPR bureaucracy: “The appointment of a data representative is required by Article 27 of GDPR, the EU’s data protection regulation that started to be enforced in May 2018, triggering compliance panic all across Europe. GDPR anxiety has now almost faded from the British public’s memory, but the regulation’s consequences have not: as soon as the UK leaves the bloc in earnest, it will be treated as a non-EU country, and Article 27 will start applying to all British companies meeting the criteria. Who are they? Not corporate giants, which are likely to have an office somewhere in the EU already, and not family-run bakeries, but rather a galaxy of mid-sized internet-based companies catering to EU customers. Bell cites software-as-a-service startups, e-commerce businesses, and organisations that conduct clinical trials as DataRep’s typical clients.”
ComputerWeekly.com – The privacy and compliance challenges organisations face in 2021: “As the EU GDPR will no longer apply in the UK, Article 27 most definitely affects UK-based organisations, which means they will need to appoint an EU Representative.”
Wikipedia.com: “Under Article 27, non-EU establishments subject to GDPR are obliged to have a designee within the European Union, an “EU Representative”, to serve as a point of contact for their obligations under the regulation. (…) An establishment’s failure to designate an EU Representative is considered ignorance of the regulation and relevant obligations, which itself is a violation of the GDPR subject to fines of up to €10 million or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.”