The GDPR (General Data Protection Regulation) brings in major of changes, including
Basically, the GDPR means that organizations will need to take a more active approach towards management of personal data, monitoring and reporting. All organizations will need to make changes in policy, processes and contracts, as well as in technical and organizational compliance measures.
Since data breaches around the world have become more and more common, protecting personal data has become a very difficult challenge for any business.
Under the EU GDPR (enforceable from 25th May 2018) organizations handling EU data subjects that fail to comply with the GDPR will have as a result high penalties. Organizations can be fined up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.
— Companies which process, store or transmit personal data belonging to EU residents
— Companies established outside the EU offering goods/services (paid or for free)
— Companies that monitor the behavior of individuals in the EU.
Organizations who are under the remit of GDPR but do not operate from within the EU are required to appoint an EU representative to handle their GDPR requests.
The GDPR makes it compulsory for the following types of organization to appoint a data protection officer:
— Public authorities
— Organizations whose core activities require regular and systematic monitoring on a large scale (e.g. web analytics businesses)
— Organizations whose core activities consist of large scale processing of special categories of data (such as information concerning individuals' health, race or sex life or sexual orientation.
Even if your organization does not fall under one of these categories, you are encouraged to appoint a DPO on a voluntary basis. Organizations may or, where required by Union or Member State law shall, designate a data protection officer.
Our Company fulfills the obligations set out under Article 37(5) of the GDPR stating that the DPO must be adequately resourced and designated based on professional qualities, in particular to have ‘expert knowledge of data protection law and practices’.
The DPO will be responsible for both your organization’s GDPR compliance as well as coordinate with the relative authorities. The DPOEU Ltd DPO officer can take over all tasks required by the GDPR and all roles can be adjusted towards specific needs.
GDPR and ARTICLE 27
Who has to designate an EU-representative according to Art. 27 GDPR?
Many non-EU businesses operate inside the European Union (EU), even if they do not have a corporate office within the EU. Under Article 27 of the GDPR, if you deliver services or products or monitor personal data of data subjects within the EU, you may be required to designate a representative in the EU.
As your representative in the Union we will be the contact person for your customers (“data subjects”) in all European countries for all privacy issues.
Your EU representative will be legally appointed to represent you as the “controller” when dealing with data protection supervisory authorities
We will establish and maintain your records of processing activities together with you. If requested, we will provide these records to authorities.
— EU Representative Services in accordance with Article 27 of the GDPR
— DPO will take over the role of the Data Protection Officer in an organization in line with GDPR requirements and inform and advise the company and the employees.
— DPO will act as the contact point for the supervisory authority on issues relating to processing.
— DPO will support the customer in case of Data Breach.
— DPO will deal with privacy and data protection issues and offer internal advice.
— DPO will mitigate privacy risks.
— DPO will monitor your organization’s compliance with the GDPR.
— DPO will advise on data protection impact assessments (which become mandatory under the GDPR for certain activities).
Contact us if your company requires an EU representative and wants to benefit from our experience, contact as for further information and a quote.
An EU Representative is your locally based expert who coordinates between your EU data subjects and your business, and data protection supervisory authorities and your business. They become your data “controller” under GDPR, and must be legally appointed.
The GDPR will come in effect on May 25, 2018 – make sure to have designated an EU representative until this date. – We would be pleased to represent you.