The applicability of European data protection law depends not only on whether the controller or the processor are established in the European Union.
- do not have an establishment within the EU, however,
- you offer goods or services to persons in the EU, or
- you monitor the behaviour of persons in the EU (in particular,tracking or profiling),
your enterprise does fall within the scope of application of the GDPR and you are obliged to appoint an EU representative pursuant to Article 27 of the GDPR.
Your representative will serve as the point of contact for the data subjects and the supervisory authorities as regards any and all issues relating to the processing of personal data, so that the data subjects and the supervisory authorities are provided with a direct contact person within the EU.
Furthermore, it is part of the range of tasks of your representative to represent your company with respect to the duties arising under the GDPR. This includes, inter alia, the acceptance and forwarding of requests from data subjects (e.g., requests for information or erasure) or, upon request by the supervisory authority, the provision of the records of processing activities.
Scheja & Partner Rechtsanwälte will be happy to assume the function of EU representative for you. Please do not hesitate to contact us.