gdpr GDPR Agreement for the Appointment of an EU Representative GDPR Agreement for the Appointment of an EU Representative Template

GDPR Agreement for the Appointment of an EU Representative Template

by Rajeshwari Kumar

Introduction

The agreement explains the scope of the EU representative's responsibilities in keeping the personal data of its end-users safe and confidential and complying with the GDPR authorities’ requests. Since the representative is located locally, the end-users are expected to feel more comfortable reaching out to them.

GDPR Agreement for the Appointment of an EU Representative

EU Representative

What Is An EU Representative? The role of the representative is to act as a POC for all matters concerning the organizations' end-users or EU supervisory authorities. This role is mandatory and assists all organizations lacking a physical presence inside the EU, giving all concerned parties a local address to raise personal data concerns.

Who Can Be An EU Representative? The representative must be located within an EU country where its citizens deal directly with the Organization, either buying its goods or using its services.

Who Needs An EU Representative? One of the GDPR statutes stipulates that any organization based in a non-EU country offering its goods or services to people inside the EU must nominate one of its employees to be the EU representative. This includes organizations which monitor the behaviour of people in the EU.

What to Include in Your Appointment of EU Representative Letter? 

1. The name of the representative and their complete contact information.

2. The name and details of the Organization.

3. Complete the role of the representative, their obligations and designation.

    Details Of The Appointment:

    • Co-operation: The representative is expected to comply with all the GDPR statutes and facilitate their activities related to inquiries and requests.
    • Designation: The EU representative must designate the POC in writing and ensure that they are in one of the EU countries whose end-users personal data is being processed.
    • Obligations: The representative must be the POC between the Organization and the GDPR authorities & end-users. They must ascertain that the Organization is cooperating fully with their requests.
    • Contact information: The contact details of the representative must be readily accessible.
    • Purpose: Enforce the GDPR statutes and offer a local POC for any queries, requests and demands of either the local authorities or the end-users

    Role of the EU Representative: The scope of responsibilities included in the role of the EU representative is ensuring that the personal data of its end-users is safe and confidential and complies with the GDPR authorities' requests. Since the representative is located locally, the end-users are expected to feel more comfortable reaching out to them.

    Conditions of the Appointment:

    1. Must explain all the ways that the representative can be contacted.

    2. Needs to describe the responsibility of the representative.

    3. Details how the representative is supposed to cooperate with any requests, either by the end-users or the authorities.

      Indemnity Clause: The EU Representative agrees to indemnify and hold harmless the Organization from and against any claims, losses, liabilities, damages, costs, and expenses (including reasonable attorneys' fees) arising out of or in connection with any breach by the EU Representative of its obligations under this Agreement.

      Governing Law: Since the EU representative works out of a particular EU country, they are subject to the laws of that country. The GDPR doesn't specify a particular governing law for the EU representative. However, it is recommended that they follow the governing law of the country in which they are located.

      Non-Disclosure Agreement (NDA): The GDPR doesn't require the EU representative to sign an NDA with the Organization in which they are employed. However, it is considered good practice to do so. The NDA refers to all the confidential information the EU representative can access while fulfilling their day-to-day responsibilities.

      How Does an EU Representative Differ From a DPO?

      • Location: The DPO can be located anywhere in the world, while the EU representative must live within the EU.
      • Purpose: The DPO makes sure that the organization complies with all the GDPR statutes, while the EU representative represents the Organization in all matters that have to do with data protection vis-a-vis the end-users.
      • Requirements: The DPO must have prior knowledge of the laws of data protection and is required to operate independently of the management, while the EU representative must be a legal entity of the country in which they live in.

      What Does an EU Representative Do? Mainly serve as a point of contact between the Organization and all its end-users in keeping their personal data safe and secure. Any queries on this subject are responded to promptly. The EU representative can also assist in legal proceedings responses to a data breach and liaise between the Organization and the GDPR authorities.

      How to Create An Appointment of EU Representative Letter?

      • Include the name of the representative and their full contact information.
      • Include the name and details of the Organization.
      • Specify the complete role of the representative, their obligations and designation.

      Key Takeaways

      • The appointment letter must be in understandable everyday language.
      • A copy of the letter must be saved for audit purposes.
      More from: gdpr GDPR Agreement for the Appointment of an EU Representative GDPR Agreement for the Appointment of an EU Representative Template
      Back to GDPR