However not all organisations are compelled to this requirement. The requirement to appoint an EU Data Protection Representative arises from article 27 of the GDPR. This article states that every organisation outside the EU, without an establishment in the EU and that controls or processes personal data of EU citizens, needs a data protection representative inside the borders of the EU.
Nowadays other countries are adopting privacy legislations similar to the GDPR including the obligation to have a Data Protection Representative inside the borders of that country. Examples are the United Kingdom, Sri Lanka, Thailand, Turkey and Rwanda. India and China are likely to have their privacy legislation in effect by the end of 2021, which includes the obligation to appoint a representative. So according to us, having a Data Protection Representative is not going to be a choice, it will be an obligation no organisation can evade.
What exactly does a Data Protection Representative do?
The Representative of an organisation acts as the local point of contact for individuals and Data Protection Authorities in a particular country or region. The Representative receives data requests from individuals and inquiries from Data Protection Authorities. The Representative then notifies and consults/advises with the organisation it represents for the appropiate answer or action to be taken and gives the answer or the action taken back to the individual or Data Protection Authority. The answer has to be given back in the language of the particular country from which the data request or inquiry came from.
Have a look at our packages or visit our frequently asked questions where we have answered the most common questions we get. If you have any other questions regarding the GDPR or our services feel free to contact us.