Content library
General Data Protection Regulation
27. Representatives of controllers or processors not established in the Union

How to fill the requirement

General Data Protection Regulation

27. Representatives of controllers or processors not established in the Union

Task name
Priority
Status
Theme
Policy
Other requirements
Appointment of a representative in the Union
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Privacy
Security and responsibilities
1
requirements

Task is fulfilling also these other security requirements

27. Representatives of controllers or processors not established in the Union
GDPR
1. Task description

The Data Protection Regulation applies to the processing of personal data of EU data subjects by an organization not established in the EU, if the processing involves

  • the supply of goods or services to those data subjects in the Union, whether or not the data subject is required to pay; or
  • monitoring the behavior of these data subjects insofar as their behavior takes place in the Union

In such cases, the organization shall appoint a representative in writing for the territory of the Union, provided that the processing of personal data is not incidental.

The representative must be established in one of the Member States where the data subjects whose personal data are processed are located. The representative shall be empowered to contact the representative, in particular the supervisory authorities and the data subject, on any matter relating to the processing of personal data.

No items found.