If you do not have any EEA or UK offices, branches or other establishments, you should consider whether you are processing personal data of individuals in the EEA or in the UK that relates to either:
- offering goods or services to individuals in the EEA or UK; or
- monitoring the behaviour of individuals in the EEA or UK.
If you are carrying out such processing, you will need to consider whether you must appoint a European GDPR representative (or a UK representative to organisations outside the UK, after 31st December 2020)
You will need to authorise the representative, in writing, to act on your behalf regarding your EU/UK GDPR compliance, and to deal with any supervisory authorities or data subjects in this respect.
Your representative may be an individual, or a company or organisation established in the EEA/UK, and must be able to represent you regarding your obligations under the EU/UK GDPR (e.g. a law firm, consultancy or private company). In practice, the easiest way to appoint a representative may be under a simple service contract.
You should give details of your representative to EEA/UK-based individuals whose personal data you are processing. This may be done by including them in your privacy statement generated by Complianz, or in the upfront information you give them when you collect their data. You must also make it easily accessible to supervisory authorities – for example by publishing it on your website.
Your appointment of your representative must be in writing and should set out the terms of your relationship with them. Having a representative does not affect your own responsibility or liability under the EU/UK GDPR.