Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Compliance check: Controller with no establishment and/or representative in EEA - Data and processing happens within EEA

  Quote
Guest
Guest user Created:   Aug 07, 2020 Last commented:   Aug 13, 2020

Compliance check: Controller with no establishment and/or representative in EEA - Data and processing happens within EEA

Our company established in Australia is planning to run a global online classifieds website. We will also be servicing to data subjects in EEA in addition to data subjects outside EEA.

We have no representatives or establishments in EEA. The data will be stored in Ireland and all of our servers will be in Ireland. We use a cloud hosting provider. We will never transfer data from Ireland to any third country.

Will we still be compliant? If not, what should we do to be compliant?

0 1

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Aug 13, 2020

In order to be compliant, you need to appoint a representative in the EU this is an obligation of the controller stated in Article 27 GDPR and you should appoint it in Ireland since you are going to store data in that country. In fact, according to Article 27 paragraph 3 GDPR  “The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behavior is monitored, are.”

You don’t need a representative if the processing:

  • is occasional,
  • does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offenses referred to in Article 10,
  • and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope, and purposes of the processing.
  • is carried by a public authority or body. 

Appointing a representative is not too difficult, you require a service contract with an individual, a company, or organization established in the EU, who must be able to represent you regarding your obligations under the EU GDPR (e.g. a law firm, consultancy or private company).

Of course, you need also to comply with all the GDPR requirements.

You can find more information here:

You can also consider enrolling in our free EU GDPR Foundations Course

EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Aug 07, 2020

Aug 13, 2020

Suggested Topics

Guest user Created:   Feb 23, 2023 EU GDPR
Replies: 1
0 0

Data privacy question