Guest user Created: Nov 22, 2021 Last commented: Nov 29, 2021

Appointing a representative

I am the sole proprietor of a US company (data controller) providing freelance translation services to customers in a few EU States. I was informed by a GDPR representative company that I needn't appoint a representative. However, as I understand it, if there is a breach involving the data of a data subject located in the EU, I must contact the supervisory authority. Must I contact the authority only in the state where the breach occured, or do I have to contact every member state in which I operate?

0 0

Assign topic to the user

Select user

Expert

Alessandra Nisticò Nov 29, 2021

You may contact the German Supervisory Authority where the data subjects were located. Article 60 GDPR established a cooperation mechanism between Supervisory Authorities that help to assess similar situations and there is mutual recognition of the validity of decisions. Therefore, if a data breach occurs you can notify only one Supervisory Authority (i.e., in Germany).

Here you can find more information about Supervisory Authorities:

EU GDPR: What is it and how does it work? https://advisera.com/eugdpracademy/what-is-eugdpr/
The obligations of controllers towards Data Protection Authorities according to GDPR https://advisera.com/eugdpracademy/blog/2017/12/11/the-obligations-of-controllers-towards-data-protection-authorities-according-to-gdpr/
Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/

If you are interested in implementing EU GDPR compliance, you can consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Nov 22, 2021

Nov 29, 2021

Expert Advice Community