European or EU Representation
What’s happening on 1st January 2021?
We all know that the UK finally, in less than three months time, leaves the EU on 1st January 2021 but did you know that this also means we leave the EU General Data Protection Regulation (EU GDPR)? And what implications this has for UK businesses conducting affairs in the EU?
As of 1st January 2021, Article 27 of the EU GDPR will apply to all UK private companies that;
- Have no offices, branches or other establishments in the European Economic Area (EEA – EU plus – other allied countries);
- Are offering goods or services to individuals in the EEA or monitoring the behaviour of individuals in the EEA on an ongoing, rather than occasional basis.
These UK companies will need to appoint a Representative that:
- Acts as the point of contact for data subjects and supervisory authorities; and
- Enables supervisory authorities to pursue enforcement actions within the territories
This is set out in more detail by the Information Commissioner’s Office (ICO), the supervisory body for Data Protection in the UK. As compliance experts, our team can help to explain and ensure you are not falling foul of the regulation.
So, if you currently have customers within the EEA but have no offices – that is, only UK offices – then you will need to appoint a representative within the geographical area of the EEA.
The Representative undertakes the following responsibilities:
- Co-operates with the supervisory authorities of the EU countries
- Liaises between your customers and your organisation on data protection matters
- Ensure compliance with the GDPR
If you fail to appoint an EU Representative for your business when the above rules apply, you are in breach of the GDPR.
Simply put, you are breaking the law and by not complying with your legal obligations. This means that you will heavily-fined – potentially up to 4% of your global turnover.
It will also adversely affect your business in terms of loss of reputation, caused by the associated negative publicity. It may also lead to lawsuits from Data Subjects – your EU customers, whose rights have been infringed.
CONTACT US TODAY!
We can offer full representation within the EEA, including full Data Protection Officer (DPO) services from our EEA based offices in Paphos, Cyprus.
Data Protection Officer
In addition, we can support you in becoming compliant, act as your external Data Protection Officer (DPO) and advise you on an ongoing basis. Costs vary according to size and complexity of organisation.
More reasons to choose JVR Consultancy for Compliance & Risk Management