Are you obliged to appoint a representative in the European Union according to the GDPR?
Then you are in good hands with us.
The KEDUA GmbH has been on the market for 20 years now and offers you comprehensive advice on data protection. You can also name the KEDUA GmbH as your representative in the European Union.
Start-ups and well-known global industrial companies in all sectors rely and trust in our services for all aspects of data protection.What distinguishes the KEDUA GmbH from other competitors that offer data protection services?
· Our top-trained lawyers devote themselves completely to data protection every day
· We are one of the leading trainers in Germany for data protection officers and coordinators
· We are in close cooperation with the supervisory authorities;
· We are a partner of DEKRA Certification
What can the KEDUA GmbH offer you?
As a representative within the Union, we offer you a specialized service that is based on the GDPR and your individual needs.
For you, our services as a representative includes in particular:
· Contact partner on your behalf for the supervisory authorities, for data subjects and other third parties
· Acting in your name and interest to fulfil the legal obligations
· Keeping a records of processing activities register of your processing activities of all processes
within the European Union
· In the event of violations, managing the enforcement process according to your interests
If desired, you can in the future also appoint the Kedua GmbH as your representative according to the ePrivacy Regulation (ePR).
Further details can also be found in the PDF: Information sheet on the obligation to designate a representative of controller or processor who are not established in the European Union and his tasks under the General Data Protection Regulation (GDPR)
Under certain circumstances companies, both a controller[4] and a processor[5], who are established in a third country, are required under the GDPR to designate a representative within the European Union.[6]
The obligation to designate arises only for companies to which the market place principle of the GDPR applies. These are companies of third countries that offer goods or services within the Union, regardless of whether affected customers are required to make a payment. In addition to the previous requirements of the market place principle, companies of third countries that observe the behaviour of citizens within the Union. The legal status of the citizens is irrelevant.
Exceptions to designate a representative within the European Union
There are however two exceptions, if, despite the obligation according to the market place principle, companies do not have the duty to designate a representative within the European Union. On the one hand, these are public authorities or bodies. On the other hand, by processing not occasionally on a large scale sensitive personal data like racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning a natural person’s sex life or sexual orientation as well as data on criminal convictions and offenses. These processing’s should not result unlikely in a risk to the freedoms of natural persons. If an exception exists, companies should justify and document it comprehensibly.
Recommendation
Nevertheless, if companies do not see a duty to designate a representative, the companies should consider to designate a representative voluntarily. Likewise in the cases of the legal obligation to designate a representative, to designate a representative parallel in more than one member state. Because, this corresponds to an effective implementation of the protection of data subject rights and is part of an efficient data protection management system.
Details on the duty to designate a representative within the European Union
The represent
ative is to designate in one of the member states, where the company actively processes the personal data within the European Union. Easily summarized the tasks of the representative is to be the first point of contact for data protection authorities and the data subjects so that they can exercise their rights and you are able to fulfil your obligations. Precisely because of the increased fines for breaches and claims for damages a very well qualified representative like the Kedua is important; since the Kedua has been on the market for over 20 years as well as the day-to-day business is the data protection law. You benefit from a business approach that allows us to optimize your processes or to make them last as effectively as possible while still maintaining data protection law rather than interfering your processes to comply with data protection law. Besides that, since we have been working in the data protection field for many years we have many good relations with data public officials of the authorities. If you still have questions on the topic or you consider to designate the Kedua GmbH as your representative do not hesitate to contact us. It is also possible, if desired, to set up further tasks within the contract.
Are you not sure whether you are obliged to appoint a representative according to the market location principle? Or do you have further questions? Then please contact us:
[1] ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, Art. 4 (7) GDPR.
[2] ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, Art. 4 (8) GDPR.
[3] Art. 27 GDPR.
[4] ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, Art. 4 (7) GDPR.
[5] ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, Art. 4 (8) GDPR.
[6] Art. 27 GDPR.