SUPPORT | GDPR ART.27 REPRESENTATION

SECURE YOUR BUSINESS
WITH THE EUROPEAN UNION

GDPR IMPACT SINCE 2017

TOTAL AMOUNT OF FINES MORE THAN
377
MILLION EUROS

SOURCE : CMS LEGAL 2019

AS A NON-UE COMPANY,
YOU ARE IMPACTED :

Globally, if you process European personal data in your business

  • You are a subcontractor (or Data Processor) of a European company
  • You offer goods and/or services to individuals in the EU
  • You monitor the behaviour of individuals in the EU

BEYOND THE FINANCIAL DANGER, IF YOU ARE NOT IN GOOD STANDING,

YOU MAY ALSO BE EXCLUDED FROM ANY CALL FOR TENDERS FROM A EUROPEAN COMPANY.

Art. 27 of GENERAL DATA PROTECTION REGULATION (GDPR)

Representatives of controllers or processors not established in the Union

1/ Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.
2/ The obligation laid down in paragraph 1 of this Article shall not apply to:
a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
b) a public authority or body.

3/ The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.
4/ The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
5/ The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.

YOUR CHALLENGES

BE IN COMPLIANCE WITH THE GDPR

HAVE A GDPR REPRESENTATIVE IN EUROPE

BUSINESS DRIVERS

A- EU CLIENTS HAVE TO MAKE SURE FOREIGN SUPPLIERS/DATA PROCESSORS ARE GDPR

Clients are legally liable to regulator for suppliers’ GDPR compliance when suppliers act on their behalf

Clients purchase policy will require from supplier a proof of GDPR Compliant Processes

Without GDPR policy in place, client may potentially not send tender to supplier

B- SUPPLIER DOES NOT HAVE A GDPR POLICY

This will put Client at risk, given his position of Data Controller, then legally responsible vis-a-vis the EU regulators

Client can suspend or stop any business relations with the supplier

Client can urge supplier to be GDPR compliant in short delay

C- GDPR BECOMES THE OPPORTUNITY FOR NEW BUSINESSES

Putting a GDPR Policy in place will reveal data patrimony

This will create a new asset in the company financial value

Opportunity to create new business models and future cash-flows

OUR MISSION

With our expertise in the fields of compliance and data, we will assist you in setting up your GDPR representative.

YOUR EUROPEAN GDPR REPRESENTATIVE

DATA PRIVACY SITUATION
ASSESSMENT

To perform personal data analysis, processing, technical mapping, data governance and risk identification.

BEING YOUR LEGAL
REPRESENTATIVE

To handle the relation with the EU Regulators, to setup a legal framework and operational governance, and to monitor ongoing data privacy compliance.

If necessary, we can also help you to implement the different processes and technical solutions within your company in order to guarantee a better quality in your personal data processing.

You are interested in this workshop or would like more information. We will be pleased to discuss with you: