The Dutch data protection authority (AP) imposed a severe penalty on a website operator, and this instantly rang the alarm on UK businesses. Should they appoint an EU-based data protection representative to comply with EU GDPR legislation?

Everything started when a website called, thought to be based in Canada, posted personal data online without permission and received several complaints from the Netherlands. It was later known through the regulator that the company did not have an EU representative and, therefore, was imposed a €525,000 fine. was also ordered to appoint an EU representative by March 18th and if it failed to do so, an additional penalty would be imposed.

As claimed by Wouter Seinen of Pinsent Masons “the AP’s enforcement action is a warning to potentially thousands of UK-based companies whose activities are within the scope of the EU GDPR post-Brexit”. Even though those businesses are already subject to the UK GDPR, Seinen said that “it is likely that many continue to be subject to the EU GDPR too, and that a large proportion of those companies are probably unaware that they require to designate an EU-based representative to comply with that legislation”.

So, why is it so important to designate an EU representative? According to the GDPR, all EU citizens have the right to the protection of their personal data. When a company based outside of the EU offers goods or services to those citizens or monitors their behavior within the EU countries, then they must appoint an EU representative to act on their behalf.

Then, what should you do if there is a data breach involving your company? Under the GDRP, businesses must report to pertinent authorities whenever a data breach occurs. The EU representative will play another significant role in this case: making sure your company complies with all the requirements needed to operate in the EU and its GDPR readiness.

The non-compliance with GDPR legislation or not having an EU representative can have severe consequences such as extremely high penalties, business discontinuity of the EU operations, and even loss of customers due to bad reputation. 

At first European we can advise you on your company´s next steps in the EU market, based on current activities in Europe, your targeted audience, and your growth ambitions. We become your single point of contact in the EU.

To know more about our Data Rep Services, please visit