Your Data Protection Representative

What is a Data Protection Representative?



Since the introduction of the General Data Protection Regulation (GDPR) in the EU, commercial and non-commercial organizations from all over the world have had to adjust how they handle the personal data of their EU customers / visitors to their websites. One of the changes is the requirement to appoint an EU Data Protection Representative (or alternatively called GDPR Representative). Even though many organizations have adjusted their privacy policy or privacy statement to meet the requirements of the GDPR, most of them have still not appointed an EU Data Protection Representative, as a result of which they do not comply with the GDPR.


However not all organisations are compelled to this requirement. The requirement to appoint an EU Data Protection Representative arises from article 27 of the GDPR. This article states that every organisation outside the EU, without an establishment in the EU and that controls or processes personal data of EU citizens, needs a data protection representative inside the borders of the EU.


Nowadays other countries are adopting privacy legislations similar to the GDPR including the obligation to have a Data Protection Representative inside the borders of that country. Examples are the United Kingdom, Sri Lanka, Thailand, Turkey and Rwanda. India and China are likely to have their privacy legislation in effect by the end of 2021, which includes the obligation to appoint a representative. So according to us, having a Data Protection Representative is not going to be a choice, it will be an obligation no organisation can evade.


What exactly does a Data Protection Representative do?


The Representative of an organisation acts as the local point of contact for individuals and Data Protection Authorities in a particular country or region. The Representative receives data requests from individuals and inquiries from Data Protection Authorities. The Representative then notifies and consults/advises with the organisation it represents for the appropiate answer or action to be taken and gives the answer or the action taken back to the individual or Data Protection Authority. The answer has to be given back in the language of the particular country from which the data request or inquiry came from.


We at Sensorium want to be more than simply being your mailbox. Therefore we assist you in having your privacy policy or privacy statement up to date according to the latest regulations, amendements and legal rulings. A data breach is an unfortunate case, but it can happen to any organisation, even those with the most advanced security measures in place. If this happens we will assist our clients to notify the relevant Data Protection Authorities in the appropriate manner within the mandatory 72 hours.


Have a look at our packages or visit our frequently asked questions where we have answered the most common questions we get. If you have any other questions regarding the GDPR or our services feel free to contact us.