A total of more than
As a non-EU company, you are impacted
Globally, if you process European personal data as part of your business
- You are a subcontractor (or data processor) of a European company
- You offer goods and/or services to individuals in the EU
- You monitor the behaviour of individuals in the EU
In addition to the financial risk, if you are not in good standing, you may also be excluded from any invitations to tender from a European company.
Art. 27 of General Data Protection Regulation (GDPR)
Representatives of controllers or processors not established in the Union
1. Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.
2. The obligation laid down in paragraph 1 of this Article shall not apply to:
a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
b) a public authority or body.
3. The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.
4. The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
5. The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.
A All clients must ensure that foreign suppliers / data processors are GDPR compliant
Clients are legally liable to the regulatory authority for GDPR compliance on the part of suppliers acting on their behalf
Under the client’s purchasing policy, the supplier must provide proof of GDPR compliant processes
Without a GDPR policy in place, the client might not send the supplier an invitation to tender
The supplier does not have a GDPR policy
This will put the client at risk, given its role of data controller legally responsible vis-a-vis the EU regulatory authorities
The client may suspend or end any business relationships with the supplier
The client may urge the supplier to become GDPR compliant at short notice
GDPR becomes the opportunity for new business
Putting a GDPR policy in place will give a company visibility of its data patrimony
This will create a new asset in terms of the company’s financial value
An opportunity to create new business models and future cash-flows
How we support you ?
With our expertise in the fields of compliance and data, we will assist you in appointing your GDPR representative.
YOUR EUROPEAN GDPR REPRESENTATIVE
Performing personal data analysis, processing, technical mapping, data governance and risk identification.
Being your legal
Handling relations with EU regulating authorities, putting in place a legal framework and operational governance, and ongoing monitoring of data privacy compliance.
If necessary, we can also help you to implement the different processes and technical solutions within your company in order to guarantee a better quality in your personal data processing.
Are you interested in GDPR art.27 representation ?
If you are interested in this support offering, or if you would like more information, we would be happy to discuss it with you :