Frequently Asked Questions
Who needs a GDPR Representative?
Any non-European Union (EU) or non-European Economic Area (EEA) business that processes personal data of individuals residing in the EU, regardless of its location, needs to appoint a GDPR Representative.
This requirement applies to businesses offering goods or services to EU residents or monitoring their behaviour. By appointing a GDPR Representative, these businesses ensure compliance with the General Data Protection Regulation (GDPR) and facilitate effective communication with EU supervisory authorities and data subjects.
What’s the difference between EU/UK/GDPR Representative?
The EU/UK GDPR Representative essentially refers to the same role and responsibilities. The difference lies in the specific context in which the representative is appointed.
The EU Representative is designated for businesses outside the EU processing personal data of EU residents.
Since Brexit, the UK has its own privacy legislation. A UK Representative is appointed by businesses outside the UK processing personal data of UK residents.
Both representatives fulfill the same function of serving as a point of contact and ensuring compliance with the respective data protection regulations (GDPR for the EU and UK-GDPR for the UK).
CRANIUM has offices in the UK and in Belgium and can therefore act as your UK and EU representative, hence our use of GDPR Representative.
Can an EU Representative be based outside of the EU?
No. An EU Representative needs to be located in the member state of the European Union that you target (more specifically, where data subjects are, whose personal data are processed in relation to the offering of goods/services to them, or whose behaviour is monitored) . If you target most of the EU, then you can choose one member state.
What are the responsibilities of a GDPR Representative?
The representative is mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by supervisory authorities and data subjects on all issues related to processing.
The concept of representative was introduced with the aim of facilitating the liaison with and ensuring effective enforcement of the GDPR against controllers or processors that fall under Article 3(2) of the GDPR.
More info: EDPG Guidelines 3/2018 p27-28
https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_3_2018_territorial_scope_after_public_consultation_en_1.pdf
What are the potential consequences of not appointing a GDPR Representative?
Appointing a GDPR representative offers you peace of mind and allows you to take a step towards GDPR compliancy.
Not appointing a GDPR Representative, when necessary, is an infringement of Article 27 of the GDPR, which is subject to the first tier of administrative fines up to €10 million or 2% of the total worldwide annual turnover (whichever is highest).
Can I get additional advice or support from CRANIUM?
Our GDPR Representative solution includes a 30 minute 1:1 with a data protection expert every quarter. During this meeting, you get the opportunity to ask all your questions related to the solution.
If more assistance or advice is needed, it is possible to book extra hours with our experts Our specialists are available quickly for ad hoc assistance when needed.
Does appointing a GDPR Representative absolve non-EU companies of liability and responsibility?
No, appointing a GDPR Representative does not exempt non-EU companies from their obligations and accountability under the GDPR. It serves as a means of fulfilling regulatory requirements and facilitating effective communication but does not absolve companies of their responsibilities.
How much does it cost to appoint a CRANIUM GDPR Representative?
Our competitive pricing starts at 2.000 euros/year. Depending on the company size and nature of processed data, the price may vary. Please reach out for a personalized quote.
Why should I choose CRANIUM as my trusted partner for a GDPR Representative?
Of course, you’re free to pick your GDPR representative partner as you please.
You choose CRANIUM as your trusted GDPR Representative partner for our extensive experience and expertise in data protection. Founded at the heart of the EU (Brussels), we are the reference for all-round privacy services, consisting of an 80+ consultancy team with varying areas of expertise. We are an all-round partner, able to assist you with additional services and advice when needed.