Leo for GDPR Representative

Appoint us as Your GDPR Representative
Leo will be your Representative in the EU and UK, and the point of contact for customers and authorities in the EU/UK regarding privacy.

Tools to Get the Job Done
We utilise in-house technology to on-board our clients quickly and simply, and to help them assess their GDPR compliance.

In Good Hands
To ensure our clients’ peace of mind, we will additionally provide you with the core GDPR compliance assets.

GDPR image 1

You need a GDPR representative if you: 

 

have no establishment in the EEA and UK respectively, and/or

  offer goods and services or monitor behaviour of individuals in the EEA and/or UK.

Still in doubt? Test whether you need a EU/UK representative here.

GDPR image 2
GDPR image 3

Your Business, Represented!

Included with the service:

Article 27 GDPR representation in the EU and/or UK;

three complimentary licenses for GDPR online training; and

Article 30 GDPR Records of Processing Activities template and Privacy Notice template.

FAQs

Do I need an EU and/or UK Representative according to Article 27 of the GDPR?

Firms based outside the EEA and/or the UK without an establishment in the EEA and/or the UK but offering services to individuals in the EEA and/or the UK (e.g. provision of a website in an EU language) or monitoring behaviour (e.g. cookie profiling), need to appoint a Representative in the EEA and/or the UK according to Article 27 of the GDPR.

Why should I care about European regulation as a non-European company?

The GDPR extends its territorial scope beyond the territory of the EEA and of the UK and
therefore can be enforced on firms outside of Europe with potential fines of EUR 20 million or 4% of turnover whichever is greater.

What else do I need to remain compliant with GDPR?

Under GDPR, you are expected to maintain privacy framework of which the core elements are: privacy notice (art. 13 and 14 GDPR);  records of processing activities (art.30 GDPR); employee training and internal policies and procedures ensuring compliance with the core principals of GDPR.

Are there any Exemptions to Article 27?

Controllers and processors are exempt from the requirement to have a representative if all of the following criteria are met:

  • Personal data is only processed occasionally (this is expected to be interpreted narrowly).
  • The processing does not include large-scale data processing of special categories of personal data or personal data relating to criminal convictions and offences.
  • The processing is unlikely to result in a risk to the rights and freedoms of the data subject.

Note that in practice it would be difficult for a business to claim that personal data is processed ‘occasionally’ as according to European Data Protection Board’s guidelines* occasionally means that it may happen more than once, but not regularly, and would occur outside the regular course of actions.
*https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_2_2018_derogations_en.pdf

GDPR image 4 - FAQ

GDPR Representative

Book a demo

Leo is the all-in-one solution for tackling compliance challenges and eliminating time-consuming, repetitive tasks.  It helps both employees and management.

Book a demo today to see how Leo simplifies compliance and adds value to your organisation.

Have any questions?

Chat to one of our Solutions Consultants

About Us     ¦     Blog   ¦   Privacy Notice   ¦   Legal