Appointing a Representative vis-à-vis GDPR Compliance

Appointing an EU representative is crucial for any non-EU business that processes personal data of EU citizens. It helps ensure legal compliance with GDPR requirements, facilitates communication with EU authorities, protects data subjects' rights, and builds trust with EU customers.

If your business is based outside the European Union (EU) and processes personal data of EU citizens, it is mandatory to appoint an EU representative under the General Data Protection Regulation (GDPR). The GDPR is a regulation of the European Union that came into effect on May 25, 2018, and aims to protect the privacy of individuals in the EU by regulating the collection, use, and storage of their personal data.

Representation in the European Union as mandated by the GDPR

Here are some reasons why appointing an EU representative is essential:

  • Legal Compliance: The GDPR requires that non-EU businesses that process personal data of EU citizens appoint an EU representative. Failure to appoint an EU representative can result in legal penalties, such as fines, which can be substantial.
  • Facilitates Communication: Appointing an EU representative can facilitate communication between your business and EU authorities responsible for data protection. The EU representative can serve as a point of contact for data subjects and data protection authorities in the EU, helping to ensure compliance with GDPR requirements.
  • Protects Data Subjects' Rights: An EU representative is responsible for ensuring that data subjects in the EU are informed about how their personal data is being processed and their rights under the GDPR. This includes the right to access, rectify, erase, restrict, and object to the processing of their personal data.
  • Builds Trust: Appointing an EU representative can help build trust between your business and EU customers. It shows that your business is committed to protecting their personal data and complying with EU data protection laws, which can be an important factor in gaining and retaining customers.

Compliance Mandate as per the GDPR

Under Article 27 of the GDPR, non-EU businesses that process personal data of EU citizens are required to appoint an EU representative. The EU representative acts as the point of contact for data subjects and supervisory authorities in the EU, ensuring compliance with GDPR requirements.

The GDPR has strict penalties for non-compliance with its provisions, and fines can be substantial. Here are some examples of GDPR fines and penalties for non-compliance:

  • Google was fined €50 million ($57 million) by the French data protection authority, CNIL, in 2019 for failing to obtain valid consent for personalized ads. CNIL found that Google's users were not sufficiently informed about the use of their personal data.
  • British Airways was fined £20 million ($27 million) by the UK Information Commissioner's Office (ICO) in 2020 for failing to protect its customers' personal data. The ICO found that the airline had poor security measures in place, which led to a data breach affecting over 400,000 customers.
  • H&M was fined €35 million ($41 million) by the German data protection authority, Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), in 2021 for unlawfully collecting and storing personal data of employees. HmbBfDI found that H&M had gathered extensive personal information about its employees, including their health and private lives, without a legal basis.
  • Marriott was fined £18.4 million ($23.9 million) by the UK ICO in 2020 for failing to protect the personal data of millions of guests. The ICO found that Marriott had insufficient security measures in place and had failed to detect a cyber-attack that resulted in the theft of guests' personal data.
  • Amazon was fined €746 million ($887 million) by the Luxembourg data protection authority, CNPD, in 2021 for violating GDPR data protection laws. The CNPD found that Amazon had processed personal data in a way that did not comply with the GDPR, particularly in relation to advertising and marketing practices.
  • Vodafone Spain was fined €8.15 million ($9.7 million) by the Spanish data protection authority, AEPD, in 2020 for unlawful telemarketing practices. The AEPD found that Vodafone had contacted individuals without their consent, used data for marketing purposes without authorization, and had not provided an adequate way to unsubscribe from marketing communications.
  • Google Ireland was fined €100 million ($121 million) by the Italian data protection authority in 2021 for violating GDPR data protection laws. It was found that Google had unlawfully processed users' personal data for advertising purposes without obtaining sufficient consent.

Tsaaro for EU Representation as a Service

Tsaaro's EU Rep service is an excellent choice for non-EU businesses that want to ensure GDPR compliance, protect their customers' personal data, and avoid penalties for non-compliance. Here is why:

  • Tsaaro's EU Rep service provides a cost-effective and hassle-free solution for non-EU businesses that process personal data of EU citizens.
  • Our EU representative acts as a point of contact for data subjects and supervisory authorities in the EU, ensuring compliance with GDPR requirements.
  • Our team of experts has extensive knowledge of GDPR regulations, and we can provide advice and support on all aspects of GDPR compliance.
  • We offer customized services tailored to your business needs, such as GDPR compliance audits, data protection impact assessments, and data breach notification services.
  • With Tsaaro's EU Rep service, you can save time and resources and focus on your core business activities without worrying about the complexities of data protection laws.
  • We stay up-to-date with the latest GDPR regulations and provide ongoing support to ensure that your business stays compliant.
  • By appointing Tsaaro's EU representative, you can build trust with EU customers, demonstrate your commitment to data protection, and avoid penalties for non-compliance.
  • We offer transparent pricing and excellent customer support, ensuring that you receive the highest level of service and value for your investment.

For more information on Tsaaro for EU Representation as a service, kindly visit: https://tsaaro.com/eu-gdpr-representative/

1. Huge data breach exposes information on 168 million people and defense personnel.

The Cyberabad Police have detained seven members of a gang suspected of stealing and selling private information from the government and other significant institutions, including information on defense personnel and the private and confidential information of around 16.8 crore persons. So far, it has been discovered that the suspects sold and leaked the data to at least 100 scammers while operating through three call-center businesses in Noida as well as other locations.

The accused are also suspected of being involved in selling information related to government employees, demat accounts, PAN cards, student databases, the energy and power sector, and individuals who are credit and debit card holders of private banks, users of social media, etc.

2. Norway DPA releases a handbook to assist companies in identifying holiday cyber dangers.

Datatilsynet, Norway's data protection office, has released guidelines to assist businesses in spotting possible cyberattacks, which frequently increase during holidays like Easter. Businesses that rely on temporary or unskilled personnel may see an increase in the danger of a cyberattack during times of closure. The guide provides advice on the kinds of privacy assessments which ought to be carried out if a company believes it may have been the target of an attack.

3. Theft of 7.9 million license numbers from an Australian estate developer

The Australian property developer Meriton notified 1,900 clients and employees of a data breach, according to The Sydney Morning Herald.

According to Meriton, the cyber intrusion may have exposed visitor contact information as well as financial, health, and employment information for staff.

Reuters reports that information from 7.9 million Australian and New Zealand driver's licenses was stolen, according to Australian consumer financing company Latitude Group Holdings. 53,000 passport credentials and more than 6 million customer records stored between 2005 and 2013 were also compromised.

4. OPC advocates privacy protections in the revision of the Competition Act.

Canadian Privacy Commissioner Philippe Dufresne investigated the matter and suggested how the Canadian Competition Act can be revised to take privacy issues into consideration.

Dufresne wrote a letter to the minister of innovation, science, and industry in which he stated that stronger laws, as well as better coordination between privacy and competition agencies, are required to protect Canadians, as they expect their government to provide and establish connections that build consumer trust and an innovative marketplace.

5. Plans for the Meta EU opt-outs for tailored advertising

The Wall Street Journal reports that Meta intends to give EU consumers the option to decline or reject its data processing practices for the purpose of advertising, also known as an opt-out.

As Meta works to comply with a directive from Ireland's Data Protection Commission on legal basis for processing data under the EU GDPR, the change will only apply to Facebook and Instagram users in the EU. Users are given the option to choose tailored adverts based on large categories of data by submitting an online opt-out application under the proposal.

Before implementing a selection, Meta will examine the opt-out request. The European privacy rights organization NOYB, which took the initial matter to the DPC, intends to file a lawsuit to contest the new Meta procedure.
