Frequently Asked Questions
about the EU Privacy Rep.
EU-REP.Global is a service provider based in Germany that offers compliance solutions for companies subject to the obligations under Art. 27 of the EU General Data Protection Regulation (GDPR). This company is not a law firm, but facilitates an expert network of data protection and privacy professionals in the EU.
The EU General Data Protection Regulation (GDPR) has a broad scope of application. It applies to any personal information, which may include name, contact details including e-mail address, payment information, IP address, device fingerprints, as well as location and other behavioral data.
It not only affects companies with establishments in EU member states, but also includes non-EU based companies which collect, receive, retain or otherwise use personal information on individuals in the EU, under the condition that the company
- offers goods or services to individuals in the EU, irrespective of whether such services are chargeable or free, or
- monitors the behavior of individuals.
Therefore, as a condition for the GDPR to apply, the company's activities must somehow aim at the EU market. The threshold is very low as this may include, among others, the following cases:
- The company offers delivery of goods to customers in EU member states
- The company offers specific products for the EU market or at least refers to EU member states by name
- The company tracks website visitors using cookies or other tracking techniques such as fingerprinting
- The company uses EU top-level domains, such as .de, .fr, .es or .eu
- The company uses a language or currency of an EU member state that is different from the country where the company is located (e.g. Japanese company accepts Euro)
- The company collects location or other behavioural data for marketing or other purposes through a website or an app
- The company runs marketing and advertisement campaigns aiming at the EU market (e.g. SEM budget for the EU, advertisement in European newspapers)
- The company provides specific contact details for EU customers
Depending on the individual case, the GDPR may already apply if the company only meets one of the abovementioned criteria.
The scope also includes service providers which do not use personal data for their own purposes, but only on behalf of others (e.g. cloud services).
The obligation to appoint an EU representative pursuant to Art. 27 of the General Data Protection Regulation (GDPR) applies to any company
- without an establishment in at least one of the EU member states,
- which deals with personal information subject to the GDPR (see above).
Exempted are companies who meet the following requirements:
- only occasional processing of personal data of individuals in the EU,
- no large-scale processing of sensitive data such as information on health or criminal convictions, and
- processing is unlikely to result in a risk for individuals (e.g. using customer data only to fulfill a one-time order and no further data retention for marketing purposes).
Since these requirements must be met cumulatively, the scope for the exception is quite narrow. Whether such exception applies requires legal review in the individual case.
The main functions of an EU representative are, by law:
- to act as a local point of contact inside the EU for all inquiries relating to issues of data protection, particularly for customers and data protection supervisory authorities, often with legal effect for the company,
- to retain records of processing activities (Art. 30 GDPR) of the company in the EU,
- to cooperate with supervisory authorities in case of investigations.
EU-REP.Global is specialized in fulfilling these abovementioned requirements in a compliant and customer-friendly manner. In case you need additional services relating to data protection compliance, such as legal advice or the appointment of a Data Protection Officer pursuant to Art. 37-39 of the GDPR, we will be glad to put you in touch with our partners.
In case your company is obliged to appoint an EU representative but fails to do so, EU data protection supervisory authorities may issue fines of up to €10 million or 2% of your company’s global annual turnover, whichever is higher. According to EU laws, those penalties may also be enforced against entities established in non-EU states.
Another aspect is that, since awareness in the EU regarding matters of data protection has risen enormously, your B2B or B2C customers in the EU pay attention to whether you comply with GDPR obligations. The consequences of negative publicity coming along with reports on non-compliance may even exceed the damage caused by financial penalties.
If you choose EU-REP.Global as your GDPR EU representative service, we will get you started as quickly as possible:
- We will review your company details and provide you with an offer to sign up for our services. Thereby you also grant us a power of attorney, which is required by law. We will not make any binding statements on your behalf without your prior approval.
- We will set up your individual e-mail account (firstname.lastname@example.org) and postal address, which your customers and supervisory authorities can use to contact you.
- We will receive and keep for you the necessary documents, particularly records of processing activities (Art. 30 GDPR).
- We will forward you any incoming communication immediately for further processing and assist you in case you have any queries.
You can settle the invoices by bank wire (EU bank account), credit card, or PayPal. Our services are charged on an annual basis.
If you represent a group of companies that require EU GDPR representative services, please contact our sales team at email@example.com.
EU-REP.Global itself is specialized in GDPR EU representative services. Depending on your individual demands, we are able to establish contact with our partners that offer the following services:
- Full legal GDPR compliance advice
- Privacy dispute resolution
- GDPR Data Protection Officer
- Hands-on implementation advice
- Many other services relating to GDPR
Please get in touch for further information.