Our EU representative service enables companies in North America that fall within the scope of the GDPR to meet their obligations under Article 27.
Organizations in North America that offer goods or services to individuals in the EU or monitor their behavior will generally have to appoint a representative established in an EU member state. The representative acts on your behalf in relation to your personal data processing activities and acts as a local contact for data subjects and supervisory authorities.
Under Article 27 of the GDPR, organizations without a physical presence in the EU need to designate, in writing, an EU-based representative to deal with various aspects relating to data protection on behalf of or in conjunction with the organization. There are exemptions to this rule. The first is if the processing is occasional, does not include, on a large scale, processing of special categories of data or data relating to criminal convictions, and is unlikely to result in a risk to the rights and freedoms of individuals. The second is if the organization is a public authority or body.
Simply having a subsidiary based in the EU may not excuse you from needing an EU representative. If the subsidiary is managed at arm’s length via a services or distribution agreement and that EU based subsidiary entity doesn’t have control over the data-related decisions of the business, or the power to implement them, then the subsidiary may not be considered to have a main establishment in the EU for the purposes of GDPR, and therefore your organization may still need to designate an EU representative.
With this annual subscription service you will be supported by our qualified data privacy, legal and compliance team (GRCI Law1), which will serve as your EU representative as set out in the GDPR.
As appointed EU representative we shall:
1The GDPR EU Representative service is provided by GRCI Law Limited, a specialist in legal and compliance advisory services relating to data privacy, cybersecurity and information security (and a subsidiary of GRC International Group plc).
Please contact us for further information or to speak to our GDPR team.
+1 877 317 3454