Your EU Data Protection Representative

The EU Data Protection Representative

On the 25th of May 2018 the EU General Data Protection Regulation (GDPR) came into effect. This meant a significant change in the conditions under which the use of personal data may take place for organisations around the world. If you have a website in any of the official EU languages or you provide payments in Euro's, your organisation already falls under the scope of the EU GDPR. Even if you haven't sold anything to any EU individual, you still have to comply to the EU GDPR, because your targeting EU individuals.

Even though you, as most organisations, do your utmost to be compliant with the GDPR, chances are your don't fully comply yet. Most organisations completely forget article 27 of the GDPR. This article in the GDPR states that every organisation outside the EU, without an establishment in the EU and that controls or processes personal data of EU citizens, needs an EU Data Protection Representative inside the borders of the EU.

The EU Data Protection Representative acts as your local point of contact in the EU for individuals as wel as administrative authorities. Not complying to this article cannot only result in damage to your reputation, you will also get a penalty for non-compliance. This penalty could be up to 10 million euro's or 2% of your worldwide revenue. In 2021 the Dutch Data Protection Authority imposed a fine of €525,000,- to an American website for not having an EU Data Protection Representative. So having an EU Representative can save you a lot of trouble and helps you demonstrate to your customers and visitors of your website that you take the protection of personal data seriously.

It is important to know that the GDPR does not only apply in the EU itself but also in the European Economic Area (EEA). The EEA consists of the EU countries and includes Norway, Iceland and Liechtenstein. In 2021 a US-based company was unaware that the GDPR applied to data subjects in Norway and was fined €2,5 million by the Norwegian Data Protection Authority for serious infringements of the GDPR. So it is important for you as an organisation to know where the GDPR applies and where is doesn't. Another consideration to take into account is that each EU member state is free to take its own additional measures on top of the GDPR, which some have done. Therefore it is essential for you to have an EU Data Protection Representative that has expert knowledge of the differences in legislation and where the GDPR applies .

Having an EU Data Protection Representative doesn't have to cost much. We offer a yearly subscription for our services starting from €100,- (ex VAT) a year depending on the number of EU/EEA citizens of whom you hold or process personal data. Have a look at our packages or visit our frequently asked questions where we have answered the most common questions we get. If you have any other questions regarding the GDPR or our services feel free to contact us.