Guest
Appointing a representative
I am the sole proprietor of a US company (data controller) providing freelance translation services to customers in a few EU States.
I was informed by a GDPR representative company that I needn't appoint a representative.
However, as I understand it, if there is a breach involving the data of a data subject located in the EU, I must contact the supervisory authority. Must I contact the authority only in the state where the breach occured, or do I have to contact every member state in which I operate?
Assign topic to the user
Expert
Alessandra Nisticò
Nov 29, 2021
You may contact the German Supervisory Authority where the data subjects were located. Article 60 GDPR established a cooperation mechanism between Supervisory Authorities that help to assess similar situations and there is mutual recognition of the validity of decisions. Therefore, if a data breach occurs you can notify only one Supervisory Authority (i.e., in Germany).
Here you can find more information about Supervisory Authorities:
- EU GDPR: What is it and how does it work? https://advisera.com/eugdpracademy/what-is-eugdpr/
- The obligations of controllers towards Data Protection Authorities according to GDPR https://advisera.com/eugdpracademy/blog/2017/12/11/the-obligations-of-controllers-towards-data-protection-authorities-according-to-gdpr/
- Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
If you are interested in implementing EU GDPR compliance, you can consider enrolling in our free EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/
Comment as guest or Sign in
Nov 22, 2021
Nov 29, 2021
Nov 29, 2021