Do you have a UK company that offers products or services to individuals who are in the EU/EEA? Or do you monitor the behaviour of those individuals? Are you aware of the consequences for no compliance with GDPR?
On May 25th, 2018 the EU General Data Protection Regulation came into force with the purpose to protect individuals concerning the processing of their data. After Brexit, the UK left the European Union, however, in the meantime, the UK has been acknowledged by the European Commission as a country with an adequate data protection regime and, therefore, data can still be transferred freely between the EU and the UK.
At the same time, this means that if you are a UK company with no offices, branches, or other establishments in the EU, but you are processing personal data of individuals that live there, either by offering them goods or services or by monitoring their behavior, you must still consider appointing an EU representative to act on your behalf.
What is the risk of not appointing a representative? Well, only for not having a rep, you could receive a penalty of up to 10M EUR or 2% of your global turnover, the EU operations of your business could be discontinued through supervisory interventions, and your reputation could be at stake due to negative media coverage and exposure. But that is not all. You could also receive a fine of up to 20M EUR or 4% of your company´s total turnover if you do not comply with the GDPR. A representative is something you should consider if you want to minimize risks engaging with EU individuals.
In the broader sense, the EU representative obligation not only applies to the UK, but also to other non-EU companies around the world that offer goods or services, or monitor the behavior of individuals in the EU.
Any company should be aware of the new legal obligations and requirements, and at First European, we can help you determine if you need an EU representative.
Once you know where you stand based on your current activities, targeted audience, and growth ambitions we can advise you on the appropriate next steps. We will act on your behalf as a single point of contact to regulators and individuals on all issues related to processing of personal data and to ensure compliance with the GDPR.
To know more about our Data Rep Services, please visit www.eudatarep.com