Appointing representatives
In today’s global and online world it is likely that controllers and processors that are not established in the EU process personal data of data subjects who are in the EU. Article 27 imposes the obligation to designate, in writing, a representative in the EU where processing activities are related to:
- Offering goods or services;
- Monitoring behaviour of data subjects as far as it takes place within the EU.
This obligation does not apply to public authorities or bodies. It is also not applicable to processing which is occasional, does not include processing operations with special categories of data on a large scale (Article 9(1)) or concerns personal data relating to criminal convictions and offences (Article 10), if these types of processing are unlikely to result in a risk to the rights and freedoms of natural persons.
The representative is mandated by a controller or processor and can be addressed by supervisory authorities and data subjects on all issues related to data processing by the controller or processor for the purposes of ensuring GDPR compliance.
Reach your personal and professional goals
Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.
Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.
