Does your organisation need to appoint an EU Representative?
GDPR projects and implementation efforts leading up to 25th May 2018 deadline now seem a distant memory. What the GDPR projects did not consider were the requirements applicable to companies outside of EU as at the time such requirements did not fall under high risk, high impact or were considered relevant by UK based companies. We will explore in this article what companies in the UK need to consider in respect of appointing an EU representative following Brexit, whenever it materialises!
An EU Representative is a person or organisation in the EU who can respond to information requests from either a Regulator or an individual. This is achieved by maintaining records of processing. The point to note here is that this role is different from a DPO as defined in GDPR.
How to decide whether an EU Representative is required to be appointed?
Here is an easy and quick assessment you can carry out using the following flow chart.
NB: Target market includes providing goods and services to EU individuals and/or tracking their behaviour even if no financial transaction takes place.
There is another exemption for companies other than solely operating in the UK and that is if EU individuals’ personal data is only occasionally processed. The condition is that it must not include any special category data, and/or it is considered large scale processing. Always consult the experts before taking advantage of exemptions.
What should you do next?
Once you have reached a conclusion for your company whether to appoint an EU Representative or not you must:
1. Evidence and document your rationale; if an EU Representative is required then,
2. Select an EU country where most of your data is processed.
3. Act now to select and appoint an EU Representative in the selected EU country.
How ConsentEye can help?
ConsentEye’s architecture is leading edge and engineered with privacy in mind. Customer data is stored in the ConsentEye cloud application and can be located anywhere. It is therefore compliant with the personal data geolocation requirements specified across all EU countries, (non-specified EEA countries) and the UK.
The ConsentEye platform has a single customer view allowing organisations to store consents and preferences and also customer attributes. These attributes can be any custom data point, such as purchase intention, location, clothing size, favourite colour, age or any other notable customer interest or motivation, which can all be captured or measured. These attributes come together to form highly targeted segments automatically enabling organisations to reach customers on a personal level. The open ecosystem allows imports, Secure File Transfer Protocol (SFTP) connections as well as real time streaming data from any source.
ConsentEye can replace current unstructured or structured databases and not only ensure GDPR compliance but organise and activate personal data effectively and automatically.
If organisations need to move data back to the UK from EU storage, then ConsentEye enables this personal data transfer to happen quickly, compliantly and with minimal effort.
Contact us now to arrange a 15minute demo.