According to the GDPR, a representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
Where a controller or a processor who is not established in the Union is processing personal data of data subjects who are in the Union, and these processing activities are related to either the offering of goods or services, (irrespective of whether a payment of the data subject is required), or to the monitoring of data subjects' behaviour as far as their behaviour takes place within the Union, the controller or the processor must designate a representative - (unless the processing is occasional, does not include processing, on a large scale, of special categories of personal data or the processing of personal data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of natural persons).
The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.
The representative should be explicitly designated by a written mandate of the controller or of the processor to act on its behalf with regard to its obligations under the Regulation.
The designation of such a representative does not affect the responsibility or liability of the controller or of the processor under the Regulation.
Controllers without any establishment in the EU must, through their local representative, deal with local supervisory authorities in every Member State in which they are active.
The designated representative should be subject to enforcement proceedings in the event of non-compliance by the controller or processor.
In the GDPR compliance app, if your physical address falls outside of the EU, you will be prompted to enter your representative's details.
If you would like to know how our service might enable your organisation's GDPR compliance journey, please visit us here
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018