Article 27 specifically relates to the appointment of a representative by organizations that are not established within the European Union but process the personal data of EU residents. This is what PrivacyEngine's team of consultants help with.
Article 27 specifically relates to the appointment of a representative by organizations that are not established within the European Union but process the personal data of EU residents. This is what PrivacyEngine's team of consultants help with.
Utilize PrivacyEngine's experts to represent you in Europe
Ensure total compliance for a rock bottom price
Complete this quick exercise. This checklist will help you establish whether or not you need Nominated Representative is needed.
Here’s the low down on what exactly is included in PrivacyEngine’s Article 27 Representation service. We can’t wait to get started!
Article 27 states that if a business or entity based outside the EU offers goods or services to, or monitors the behavior of, individuals in the EU, they must appoint a representative in one of the EU member states where the data subjects are located.
about Article 27
The Nominated Representative ensures there is a mechanism in place for Data Subjects and Supervisory Authorities to easily communicate, access and request any Personal Data and Processing Activities of an Organization outside Europe.
All we require to complete the service is a designated point of contact within your organization to liaise with. If your organization does not currently maintain a Record of Processing Activities (RoPA), we can assist in creating one.
Essentially, no. There is no regulatory requirement enforcing Nominated Representatives to be based in a specific EU Member State.
No, these are distinct requirements. While a DPO is required in certain situations under Article 37, appointing a representative under Article 27 specifically applies to non-EU organizations that process EU residents’ data.
No, we act as a conduit between European Data Subjects and your Organization. Any request received by your Nominated Representative will be passed to you to deal with, alongside any queries from any Supervisory Authority.
We will set you up with an Article 27 PrivacyEngine license. Through this license there is a ‘Group Chat’ feature which your Nominated Representative will primarily contact you through.
Alongside this, we have Mandatory Logs available within the Platform, we will have a shared Data Subjects Rights log that your Nominated Representative will fulfil, and your Data Champions will have access to, in order to see real-time activities.
Similarly, we will have a Supervisory Authority Communications log that your Nominated Representative will input any queries from Supervisory Authorities for you and your team to refer to at any stage.
Article 27 of the General Data Protection Regulation states that if you Organization is not established within Europe (or the EEA) and are:
Then you need a Nominated Representative.
If you do not fulfil the Article 27 criteria of appointing a Nominated Representative, your Organization can be fined up to 10 million Euro or 2% of your global turnover (whichever is more).
Anything you do that involves automated analysis or behavioural predictions of individuals (movements, personal preferences, health, economic situation etc).
Usually, we would recommend Quarterly meetings at a minimum, however if you feel as though you would like more regular meetings just let us know!
““We are particularly impressed with the outstanding levels of direct support and assistance provided by the great team at PrivacyEngine.””
Fiachra Barrett
Information Compliance Officer, SEAI Ireland