Who has to appoint an EU representative?
An EU representative must be appointed if you are not established in the EU and process personal data of EU citizens in order to offer them goods or services or if you observe the behaviour of EU citizens within the EU. This applies if you act as a so-called controller, i.e. you decide yourself which data you process and why. It also applies if you are a so-called processor, i .e. you process personal data of EU citizens for third parties.
When do I offer goods and services to EU citizens?
The question can be answered quite simply at first: You offer goods and services to EU citizens if you are prepared to conclude appropriate contracts with them. It would not be sufficient if, for example, your website could be reached from Europe, but you only sell your products in Switzerland. It is not necessary that your offer is explicitly directed at EU citizens, it is sufficient that you conclude corresponding contracts with them. Such a contract exists, for example, if users from the EU can create an account on your website in order to use the services offered on the website.
When do I observe the behavior of EU citizens?
Observing does not mean looking through binoculars when an EU citizen is about to do something behind the border. Rather, it refers to all services that are offered especially on the Internet, e.g. to collect behavioral data (who does what in a webshop and how do I increase the sale of a product purchased) or to enable interest-based advertising (tracking, retargeting, geolocalization, etc.).
Are there exceptions?
There are hardly any exceptions to the obligation to appoint an EU representative. The obligation only does not apply if
- personal data of EU citizens are processed only occasionally, AND
- does not include extensive processing of special categories of data as defined in Article 9(1) or extensive processing of personal data relating to criminal convictions and offences as defined in Article 10, AND
taking into account the nature, circumstances, scope and purposes of the processing is not likely to result in a risk to the rights and freedoms of natural persons.
What is the role of my EU representative?
What does my EU representative do?
In very simplified terms, your EU representative serves as a contact person in the EU for all persons affected by your data processing as well as for authorities and courts. For example, your customers can contact the EU representative to request information about which of their personal data is being processed. Furthermore, supervisory authorities use the EU representative as a contact person “on site”.
What services do you provide as my EU representative?
First of all, we provide you with all services that an EU representative is required to provide under Art. 27 GDPR. Data subjects can turn to us to exercise their rights and we serve as your contact for authorities and courts in the EU. We work closely with you and can access qualified lawyers in our network if the need arises that a lawyer represents your interests in the EU.
In addition to this mandatory services, we offer additional services making it easier for you to comply with the GDPR. As soon as you need an EU representative, you have to comply with the other GDPR requirements. These include, for example, privacy policies in accordance with the GDPR, declarations of consent, the creation and updating of the so-called Records of processing activities.
Data subjects within the meaning of the GDPR are the persons whose personal data you process. They are entitled to various rights, which are described in particular in Articles 15 ff. GDPR . These include, for example:
- The right of information in accordance with Art. 15 GDPR (which personal data is processed for which purpose, where does the data originate, to whom was the data transmitted, etc.)
- The right to demand the correction of incorrect personal data (Art. 16 GDPR)
- The right to delete data (“Right to be forgotten”, Art. 17 GDPR)
- Right to limit processing, Art. 18 GDPR
- Right to data transferability, Art. 20 GDPR
- Right of objection, Art. 21 GDPR
How do you support me as my EU representative in exercising the rights of data subjects and what do I have to do?
Since we do not have the information ourselves to deal with the concerns of the data subjects, we must work closely with you in this respect. Do not worry, we will tell you what to do in each individual case.
OK, how can I hire you?
How do I appoint you as my EU representative?
This is very easy, just use the ordering option on our website! By this you appoint us as your EU representative in accordance with the GDPR. In addition, you will receive a certificate in which we confirm that you appointed us as your EU representative. We look forward working with you. Simply start your order here https://eu-gdpr-representative.com/order/.
Does it matter that your company is located in Germany?
Yes, because the EU representative has to be based in the EU. However, if your offer is directed only to EU citizens in certain countries (e.g. Spain), then the EU representative must also be based in that country. However, as long as you do not limit the country of residence of your customers, the EU representative can also be located in any EU country.
What happens after I have commissioned you?
Thank you very much for your trust and we look forward working with you! With your registration you get access to our data protection dashboard. In addition to our invoice, which you can pay by bank transfer or Paypal, we will send you a power of attorney by email . Please send us this power of attorney signed in the original by mail. We need it to legitimize us as your EU-representative vis a vis supervisory authorities and other third parties.
In your data protection dashboard you will find –
– a text suggestion to extend your privacy policies to inform you that you have appointed us as your EU representative. This notice is required by law.
– the link to your individual website for submitting requests based on the GDPR (e.g. requests for information). Please include the link in your privacy policies so that GDPR requests will be submitted in this way in the future. We suggest that you include the link in the information about your EU representative.
– a PDF document confirming that you have appointed us as your EU representative.
We are required by law to keep a copy of your records of processing activities in accordance with Art. 30 GDPR, insofar as these procedures relate to the processing of personal data of EU citizens. Since you know better than we do which data are processed for which purpose, we are dependent on you providing us with this information. If you have not yet created these records, you will find a tool in the data protection dashboard to easily create it by yourself. If you need support for drafting these records, we will be happy to offer it to you for a separate fee.
If you have any questions, please do not hesitate to send us an email to email@example.com. Please note that our correspondence languages are German and English.
What are my obligations under GDPR?
The EU representative alone is not enough, but we will not leave you alone!
If you have to appoint an EU representative, this means that you process personal data in such a way that the GDPR applies to you. Although GDPR only applies to the extent that personal data of EU citizens is processed, you must comply with all provisions of the GDPR. These are just FAQs about the EU representative, so we cannot offer you a crash course “GDPR Compliant in 5 minutes”, if it would exist at all. However, we can help you either by ourselves or through partners from our network to meet the requirements of the GDPR in order to avoid the risk of very high fines. Please contact us if you need appropriate advice.
What are the records of processing activities that you mentioned several times?
Art. 30 GDPR requires you to keep the so-called records of processing activities for the activities by which personal data of EU citizens is processed. This obligation also applies to us, as your EU representative. We must therefore have access to your records of processing activities or maintain it for you. This records of processing activities contains, for example, the following information:
- the name and contact details of the controller ;
- the purposes of the processing;
- a description of the categories of data subjects and the categories of personal data;
- recipients to whom the personal data is disclosed;
- information on the periods when the data will be deleted
- a general description of the technical and organizational measures taken to protect your personal data
We offer our customers an online tool to create the records of processing activities quickly and easily. On your request we support you in this!
About Legal Tech SPOC
Who are we?
Provider of the EU representative offer is Legal Tech SPOC UG. Our company was founded in 2018 to provide solutions for companies around the GDPR. Partners are experienced IT entrepreneurs as well as IT lawyers from Germany and Switzerland.
How can I pay?
We offer you to pay our invoices by bank transfer in EUR and USD.
Do you also offer legal advice?
The German legislator prohibits us to advise you in legal matters. But would you go to a drugstore with a toothache just because they have dental care products? Precisely. That’s why we have specialized in providing you with a platform that makes it easy for you to comply with the GDPR. For special questions we offer you specialists from our network. Legal advice is provided by qualified lawyers who have been dealing with data protection law issues for years.