Nominated European Representative

Nominated European Representative Service

The GDPR applies to controllers and processors that process personal data of individuals in the EU (NOT JUST EU CITIZENS!!!), regardless of where the organisation is established in the world.

Those organisations that are not established inside the EU are required to appoint a representative who is established in the EU for purposes of GDPR compliance.

A Data Protection Impact Assessment (DPIA) describes a process designed to identify risks arising out of the processing of personal data and to mitigate these risks as far and as early as possible.

Article 27 of the GDPR states that a controller or processor who is not established in the EU and offers goods or services to data subjects in the EU or monitors the behavior of data subjects occurring within the EU must appoint, in writing, a representative within the EU.

This “representative” can be “a natural or legal person established in the [EU] who, designated by the controller or processor in writing pursuant to Article 27”.

Does the GDPR apply to us?

If you answer yes to any of the questions in the infographic opposite then you will likely be required to appoint a European Representative.

Your European Representative!

XpertDPO can provide this outsourced service for you acting as your European Representative in the EU.

As your representative in the Union, we will be the contact person for your customers (data subjects) in all European countries for all privacy issues.

Your EU representative will be legally appointed to represent you as the “controller” when dealing with data protection supervisory authorities in the EU.

We will establish and maintain your records of processing activities together with you. If requested, we will provide these records to authorities.