I am working with a small business (five people) and they have been asked to provide services to an Italian firm. I have been asked to explore what is required. The business is located in the US and is HIPAA compliant. I understand they need an EU representative. Is this accurate and can that be a person or a company? Thank you.
Assign topic to the user
Yes, your company needs an EU Representative in order to be contacted by Data Subjects or from the Surveillance Authority in case of needs. It can be a person (i.e a GDPR expert) or a company.The EU Representative shall be appointed in the country where the services are offered (Article 27 GDPR), so if your company will have an Italian Client, it will be better to appoint an Italian EU Representative.
If you need to know more about EU Representatives and Cross-border data transfer under the EU GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Jan 27, 2021