According to GDPR’s articles 3 and 27, when a company not based in EU territory offers goods or services to a data subject in the European Union, or its activity requires monitoring the behavior of the data subject in the European Union (such as participants to clinical studies), needs to appoint a privacy representative in the country where the data subject are based.
Regulators have a range of sanctions to enforce compliance.
Requirements and duties of the privacy representative:
- Representative needs to have specific knowledge of privacy law (GDPR and local privacy laws)
- Representative can be a company or a person. If it’s a company, it has to appoint a professional, who has the needed expertise, as a referent
- Representative has to be based in the country where the data subject are based
- Representative has to act as connecting point between the extra EU company and the local Data Protection Authority
How Valos helps businesses.
VALOS, in partnership with the law firm Studio Legale Castagno & Associati, based in Italy and specializing in GDPR and Italian data protection law, provides qualified designed EU representative, and consulting services in GDPR and Italian data protection law.