SUPPORT | GDPR ART.27 REPRESENTATION
SECURE YOUR BUSINESS
WITH THE EUROPEAN UNION
GDPR IMPACT SINCE 2017
TOTAL AMOUNT OF FINES MORE THAN
SOURCE : CMS LEGAL 2019
AS A NON-UE COMPANY,
YOU ARE IMPACTED :
Globally, if you process European personal data in your business
- You are a subcontractor (or Data Processor) of a European company
- You offer goods and/or services to individuals in the EU
- You monitor the behaviour of individuals in the EU
BEYOND THE FINANCIAL DANGER, IF YOU ARE NOT IN GOOD STANDING,
YOU MAY ALSO BE EXCLUDED FROM ANY CALL FOR TENDERS FROM A EUROPEAN COMPANY.
Art. 27 of GENERAL DATA PROTECTION REGULATION (GDPR)
Representatives of controllers or processors not established in the Union
1/ Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.
2/ The obligation laid down in paragraph 1 of this Article shall not apply to:
a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
b) a public authority or body.
3/ The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.
4/ The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
5/ The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.
BE IN COMPLIANCE WITH THE GDPR
HAVE A GDPR REPRESENTATIVE IN EUROPE
A- EU CLIENTS HAVE TO MAKE SURE FOREIGN SUPPLIERS/DATA PROCESSORS ARE GDPR
Clients are legally liable to regulator for suppliers’ GDPR compliance when suppliers act on their behalf
Clients purchase policy will require from supplier a proof of GDPR Compliant Processes
Without GDPR policy in place, client may potentially not send tender to supplier
B- SUPPLIER DOES NOT HAVE A GDPR POLICY
This will put Client at risk, given his position of Data Controller, then legally responsible vis-a-vis the EU regulators
Client can suspend or stop any business relations with the supplier
Client can urge supplier to be GDPR compliant in short delay
C- GDPR BECOMES THE OPPORTUNITY FOR NEW BUSINESSES
Putting a GDPR Policy in place will reveal data patrimony
This will create a new asset in the company financial value
Opportunity to create new business models and future cash-flows
With our expertise in the fields of compliance and data, we will assist you in setting up your GDPR representative.
YOUR EUROPEAN GDPR REPRESENTATIVE
DATA PRIVACY SITUATION
To perform personal data analysis, processing, technical mapping, data governance and risk identification.
BEING YOUR LEGAL
To handle the relation with the EU Regulators, to setup a legal framework and operational governance, and to monitor ongoing data privacy compliance.
If necessary, we can also help you to implement the different processes and technical solutions within your company in order to guarantee a better quality in your personal data processing.
You are interested in this workshop or would like more information. We will be pleased to discuss with you: