GDPR Representative
Contact Us
Contact us today to see how we can help you, and to explain the benefits of appointing us as your GDPR Representative.
GDPR Representative
provided by LL RegTech Consulting LTD
Appoint us as Your GDPR Representative
LL RegTech Consulting LTD will be your Representative in the EU and UK, and the point of contact for customers and authorities in the EU/UK regarding privacy.
Tools to Get the Job Done
We utilise in-house technology to on-board our clients quickly and simply, and to help them assess their GDPR compliance.
In Good Hands
To ensure our clients’ peace of mind, we will additionally provide you with the core GDPR compliance assets.
You need a GDPR representative if you:
have no establishment in the EEA and UK respectively, and/or
offer goods and services or monitor behaviour of individuals in the EEA and/or UK.
Still in doubt? Test whether you need a EU/UK representative here.
Your Business, Represented!
Included with the service:
Article 27 GDPR representation in the EU and/or UK;three complimentary licenses for GDPR online training; and
Article 30 GDPR Records of Processing Activities template and Privacy Notice template.
FAQs
Do I need an EU and/or UK Representative according to Article 27 of the GDPR?
Firms based outside the EEA and/or the UK without an establishment in the EEA and/or the UK but offering services to individuals in the EEA and/or the UK (e.g. provision of a website in an EU language) or monitoring behaviour (e.g. cookie profiling), need to appoint a Representative in the EEA and/or the UK according to Article 27 of the GDPR.
Why should I care about European regulation as a non-European company?
The GDPR extends its territorial scope beyond the territory of the EEA and of the UK and
therefore can be enforced on firms outside of Europe with potential fines of EUR 20 million or 4% of turnover whichever is greater.
What else do I need to remain compliant with GDPR?
Under GDPR, you are expected to maintain privacy framework of which the core elements are: privacy notice (art. 13 and 14 GDPR); records of processing activities (art.30 GDPR); employee training and internal policies and procedures ensuring compliance with the core principals of GDPR.
Are there any Exemptions to Article 27?
Controllers and processors are exempt from the requirement to have a representative if all of the following criteria are met:
- Personal data is only processed occasionally (this is expected to be interpreted narrowly).
- The processing does not include large-scale data processing of special categories of personal data or personal data relating to criminal convictions and offences.
- The processing is unlikely to result in a risk to the rights and freedoms of the data subject.
Note that in practice it would be difficult for a business to claim that personal data is processed ‘occasionally’ as according to European Data Protection Board’s guidelines* occasionally means that it may happen more than once, but not regularly, and would occur outside the regular course of actions.
*https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_2_2018_derogations_en.pdf
Have any questions?