Picture of mr. Hester Spaans

mr. Hester Spaans

Co-founder & General Legal Counsel

Does Your Company Need an EU Representative?

For companies that are based outside of the EU, the thought of GDPR (The General Data Protection Regulation 2016/679) can be daunting. This EU regulation on data protection and privacy applies to almost all companies operating in the EU that process data on EU nationals, regardless of whether they are based inside or outside of the area. The fines for non-compliance can be intimidatingly high and that’s why it’s essential for all companies to familiarise themselves with GDPR and make sure to stay on top of their customers’ data needs. Taking this into account and making sure your business model is compliant are key steps when working in the EU.

When does a company need an EU representative?

Companies that are not established in the EU but provide goods and services to EU citizens must comply with GDPR Article 27, which requires them to have an EU representative. Generally, this applies to companies that process a lot of personal data on a daily basis, or those that process sensitive data. These organizations typically have more than 250 employees and need to appoint an EU representative who can serve as a liaison between the GDPR and their activity.

What is the role of an EU representative?

GDPR representatives play an essential role in ensuring GDPR compliance and secure data protection of their business. As an authorised agent, GDPR representatives are responsible for receiving legal documents from national data protection authorities on behalf of the company, maintaining records of data processing activities, and communicating GDPR requirements to the business’s data subjects. The contact details of the GDPR representative should always appear in the business’s privacy policy. GDPR representatives have a significant responsibility in protecting both personal user data and upholding GDPR regulations.

Where must an EU representative be located?

GDPR (General Data Protection Regulation) requires that all companies collecting, processing, or storing data from EU citizens must have a GDPR representative located in the same EU member state where the data originates. For instance, if a Chinese company is collecting and processing data from Spanish data subjects, then the GDPR representative must be situated in Spain. In cases when the company collects, processes, or stores data from citizens of multiple EU member states, they can decide on the most convenient location for their GDPR representative.

How do you appoint an EU GDPR representative?

According to GDPR (General Data Protection Regulation), it is mandatory for businesses and organizations in the European Union to appoint a representative in writing, with clear information as to who has been appointed. The document should detail the company’s name and address, the EU representative’s name and contact info and include all relevant contractual terms such as hours worked, termination notice, pay rate and a non-disclosure.

While having a GDPR representative can ensure that all GDPR requirements are being met, this does not affect your own responsibility or liability under the EU GDPR.

EU GDPR representative services

It is important to thoroughly consider your options when choosing an EU representative for GDPR compliance. This should include researching the representative’s experience, location, costs and terms of service, as well as how flexible they are in providing data protection and privacy services in the future. If you’re unsure about GDPR requirements that apply to your business, Spaans&Spaans can assist with GDPR compliance and guidance on good data management practice.

We also offer EU GDPR representatives as a service. Please contact us for more information.

Legal support nodig?

Neem contact met ons op

Scroll naar boven

mr. Hester Spaans

Co-founder & General legal consultant

Hester is een van de oprichters van Spaans&Spaans en werkt als General Legal Consultant. Ze heeft meerdere masters in het recht afgerond aan de Universiteit van Amsterdam en het voorrecht gehad een half jaar aan de University of Hong Kong te mogen studeren. Gefrustreerd over de stoffige juridische wereld, besloot ze destijds het heft in eigen hand te nemen en als ondernemer te starten. 

Inmiddels werkt ze al zo’n 5 jaar bij Spaans&Spaans en heeft ze honderden ondernemers mogen bijstaan met vraagstukken op het snijvlak van IT en recht.

Haar passie voor tech (en met name web3!) is van grote waarde bij het ‘vertalen’ van juridische regelgeving op het gebied van ICT/internet-en privacyrecht naar de dagelijkse technische realiteit. Klanten omschrijven haar als doortastend, vakkundig en pragmatisch. Om haar kennis op peil te houden is ze o.a. lid van de Vereniging voor Auteursrecht. 

mr. Lucia Spaans

Co-founder & Privacy officer

Lucia is mede-oprichter van Spaans&Spaans en werkt gedreven samen met het team aan het leveren van onze juridische diensten op top niveau.

Ze is enorm gemotiveerd en een perfectioniste (soms, oké, dikwijls, op het irritante af) die alles tot in de puntjes geregeld wil zien. Haar passie voor het recht kwam al naar voren tijdens haar studietijd in Amsterdam, waar ze ervoor koos om twee juridische masters te volgen. Het liefst controleert ze alle juridische stukken en correspondentie die dagelijks bij Spaans&Spaans de deur uitgaan meerdere malen, zodat de cliënt er zeker van kan zijn dat alles perfect geregeld is.

Verder is ze een groot fan van koffie, reist ze graag en is ze actief als gitariste (ja, echt).