Guest
Appointing a representative
I am the sole proprietor of a US company (data controller) providing freelance translation services to customers in a few EU States.
I was informed by a GDPR representative company that I needn't appoint a representative.
However, as I understand it, if there is a breach involving the data of a data subject located in the EU, I must contact the supervisory authority. Must I contact the authority only in the state where the breach occured, or do I have to contact every member state in which I operate?
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Alessandra Nisticò
Nov 29, 2021
You may contact the German Supervisory Authority where the data subjects were located. Article 60 GDPR established a cooperation mechanism between Supervisory Authorities that help to assess similar situations and there is mutual recognition of the validity of decisions. Therefore, if a data breach occurs you can notify only one Supervisory Authority (i.e., in Germany).
Here you can find more information about Supervisory Authorities:
- EU GDPR: What is it and how does it work? https://advisera.com/eugdpracademy/what-is-eugdpr/
- The obligations of controllers towards Data Protection Authorities according to GDPR https://advisera.com/eugdpracademy/blog/2017/12/11/the-obligations-of-controllers-towards-data-protection-authorities-according-to-gdpr/
- Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
If you are interested in implementing EU GDPR compliance, you can consider enrolling in our free EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/
Comment as guest or Sign in
Nov 22, 2021
Nov 29, 2021
Nov 29, 2021