What is an EU Representative?

The EU Representative is a required appointment for most companies outside the EU which are affected by GDPR. The Representative serves two main roles:

They are the point of contact for EU-based individuals and authorities that want to raise questions about the data processing activities or exercise their data rights of a non-EU organisation.
They assist with enforcement of GDPR, for example by making and keeping required records of processing activities and liaising with the regulators.

Which organisations need to appoint an EU/ EEA Representative?

Organisations (whether businesses or otherwise) outside the EU/ EEA that are selling goods/ services into the EU, or that regularly monitor the activities of individuals there need to appoint an EU/EEA Representative. It applies even if your organisation is in a country that is deemed to have ‘adequate protection’ for purposes of international data transfers, such as the UK.

There are exclusions for public sector organisations, and organisations which only process the personal data of EU/EEA-based individuals as part of an occasional data process (i.e. not as part of their usual activities).

What does the EU Representative do?

The EU/EEA Representative’s main activities are to liaise (on behalf of their client outside the EU) with the data subjects (individuals) and authorities in the EU. Most commonly, they will receive communications from EU/EEA-based data subjects who wish to exercise GDPR rights (such as a right to a copy of the data held, the right to erase the data etc) and pass those requests to their client.

They also hold the data processing records/ documents for their clients and make them available on request to a relevant data protection regulator on request.

Who can (and cannot) be appointed as Representative and in which country (or countries) should they be based?

Any individual or company established in the EU/ EEA may be appointed to the role, but because of the liability position it would be unusual for an individual to personally accept an appointment as Representative.

The same company should not be appointed as both DPO and Representative of the same organisation as per the European Data Protection Board guidance, there would be a potential conflict of interest.

The Representative should have a physical location where postal requests can be received in the EU/EEA country where their client has the largest number of data subjects, and they should also be easily accessible to data subjects in other EU/EEA member states. In effect, this may mean you’d need to appoint multiple Representatives, or a Representative with locations in multiple countries.

What has changed post-Brexit?

Following Brexit, the way in which GDPR has been incorporated into UK law means that there is also a ‘UK Representative’ – so companies outside the UK that provide goods/services to the UK or monitor people there may now need to appoint a Representative (in addition to any existing obligation to appoint a Representative in the EU/EEA).

This means that EU companies may need a UK Representative, UK companies may need an EU Representative, and companies outside both UK and EU may need both.

Do the new EU Standard Contractual Clauses (SCCs) have any effect on the EU Representative role?

The new SCCs provide that if you need to have an EU Representative you must use the relevant option in that part of the contract and list their details in the schedule. This means that organisations outside the EU can expect to be asked whether they have an obligation to appoint a Representative and for their contact details.

Has there been any enforcement of the Representative obligation by Data Protection Authorities?

So far there has been one instance of enforcement in May 2021 when the Dutch Data Protection Authority issued a €525,000 fine against a Canadian website for failing to appoint a Representative in the EU. We’re yet to see if / when more fines will follow.

We can help you put in place a practical data protection strategy that minimises reputational, legal and financial risk. We can make sure you comply with the relevant data protection laws in the countries where you operate, and we’ll also make sure you have the right processes in place to ensure continued compliance.

We work with DataRep who are a leading provider of the EU/ EEA and UK Representative services. They have a network of contact locations in all 27 EU countries, Norway and Iceland in the EEA and the UK. If you want to discuss any of your data protection requirements, including if you need a Representative, please get in touch.

What do our clients think?

Having an experienced lawyer as your single point of contact to manage legal matters effectively whilst providing pragmatic solutions is exactly what you get from LegalEdge
Legal & Compliance Officer - Distributed
LegalEdge’s practical approach to our day-to-day legal requirements has been second to none. I highly recommend their commercial contract support – it’s a game changer.
COO/CFO - Fluent Commerce
We’re very pleased with the work LegalEdge are doing for us. We’re getting quick and decisive responses that are really helping us move forward.
FINANCE & OPERATIONS DIRECTOR - DEPOP
Our original MSA was very one-sided and not favourable to us, with LegalEdge’s help getting this agreement in place we have significantly reduced the risk to the agency.
Operations Director – Contracts and Commercial, - The Social Element
LegalEdge has provided unparalleled legal support to our EMEA business as our in-house lawyers to help us negotiate our software license contracts successfully and quickly.
VP & GM EMEA - Wherescape
The Intellectual Property audit provided by LegalEdge was extremely thorough. Securing our IP is enabling us to scale confident that our brand is protected under the law.
Founder - Arishi
It’s not an understatement that the new contracts gave us a lot of confidence in negotiating. It sets the right tone with our clients that we know what we are doing.
Operations Director - OneSixOne
I don’t always need the technicalities of a matter; LegalEdge provide pragmatic solutions that help us to close the deal.
Co-founder - Lexonis
LegalEdge has provided excellent, commercially focused advice as part of our in-house legal team that has helped us close contracts with our customers and partners.
CEO - Diona
The fact that all their lawyers have worked inside businesses means they are commercial, pragmatic and know exactly how to prioritise what’s important.
COO - Squirro
Having made the decision to outsource our legal work, we have been extremely impressed by how quickly LegalEdge have quickly understood our business.
Commercial Director - The Social Element
LegalEdge understood our needs more than any traditional law firm had before: we were able to dip in and dip out of their services, they acted like a general counsel for us.
Co-Founder - Young Foodies
LegalEdge are awesome at taking complex ideas and turning them into simple contracts whilst streamlining processes to make it easy to do business.
Founder - Lola Tech, a DataArt company
The LegalEdge team just intuitively understood our business and needs, picked up the matters that needed dealing with, and ran with them.
General counsel - The Engine Group
Working with a professional squad like LegalEdge on the legal stuff means, as CFOs, we can focus on what we’re good at – the numbers!
Founder - Emergeone
LegalEdge were brilliant from start to finish in helping us to develop a proper brand strategy and implementing it.
CEO - Placemake.io
LegalEdge have been fantastic advisers to our business. Between shareholder agreements & fundraise, Trademark & IP, and commercial agreements, we deeply value their guidance.
Co-Founder - Days Brewing
Having worked closely with LegalEdge I have no hesitation in recommending them to any business requiring smart, articulate and professional legal counsel.
Founder - Low Carbon Group
Working with LegalEdge has been a breath of fresh air! They have provided a unique, entrepreneurial approach to legal services within a rapidly growing organisation.
COO and Co-Founder - hybris GmbH (now a SAP company)
The support we have received has been first class – from day one. LegalEdge have gone above and beyond to truly understand our business.
Director EMEA Operations - Stella & Dot
The ideal solution for the busy in-house counsel who is unable to add a permanent head as you have the ability to flex support without the need to rely on expensive law firms.
Vice President and EMEA Managing Counsel - World-Check [now Thomson Reuters]
LegalEdge’s experience has proven invaluable as they have picked up, negotiated and completed contracts with commercial aptitude.
Group Counsel - Funding Circle
What sets LegalEdge apart is that they focus on problem solving and keeping issues in perspective. They know and understand our business and the array of legal issues we face.
Partner - Portal Tech Reply
As our trusted go to lawyers for complex contract queries and negotiations, LegalEdge know how to focus on the things that matter and to get deals done.
Commercial Director - Connect Managed
The Oxial team was very impressed with the quality of the contracts that the LegalEdge team produced for our business and with their responsive and collaborative approach.
COO - Hammer Team & Oxial

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_32854648_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

By LegalEdge News Jul 21, 2021

What is an EU Representative?

What do our clients think?

Contact

Navigate Site

Stay In Touch