Expert Advice Community


EU GDPR representative

Guest user Created:   Feb 01, 2021 Last commented:   Feb 01, 2021


The client is a small company that has a staff of four or five. They are based in the US and provide neurologic brain testing for patients usually suffering from a stroke. The tests are administered by a doctor or a health clinic. Recently, there is a clinic in Italy that plans on using their software. The number of patients, for the near future, may only be a few dozen.

I have done some research but can't find an exact answer to these questions:

1. Does the company need to have a formal EU Representative?

2. Are there companies that provide EU Representation services?

3. Does this representative need to keep the Record of Processing Activities?

4. If there is one thing that must be focused on to be GDPR compliant, what would that be?

 


Expert
Alessandra Nisticò Feb 01, 2021

"The client is a small company that is a staff of four or five. They are based in the US and provide neurologic brain testing for patients usually suffering from a stroke. The tests are administered by a doctor or a health clinic. Recently, there is a clinic in Italy that plans on using their software. The number of patients, for the near future, may only be a few dozen.

I have done some research but can't find an exact answer to these questions:

1. Does the company need to have a formal EU Representative?

Yes, the company needs to have a formal EU Representative because they are offering a service/product in an EU Member State.

Are there companies that provide EU Representation services?

Yes, there are consulting firms and lawyers specialized in GDPR and Data Protection laws that offer this service. The company needs an EU Representative located in the country where the service/product is offered as stated in article 27 paragraph 3 GDPR.

Does this representative need to keep the Record of Processing Activities?

Yes, article 30 GDPR requires that “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.” The Record is required because the project will involve health data, which fall under article 9 GDPR and need special protection (this category of data is also known as sensitive data).

If there is one thing that must be focused on to be GDPR compliant, what would that be?"

There is more than one thing to be focused on to be GDPR compliant, but thinking of your project, involving health data which is the particular category of personal data under Article 9 GDPR, I shall say consent and information to the data subject. Patients need to be informed and aware that their data will be processed and transferred to a US company (transfer shall comply with Standard Contractual Clauses) and of course the security of data processing. Information to data subject and safety of data processed is the core of GDPR. Our Toolkit helps organizations implement GDPR requirements.

Here you can find more information for starting to be compliant with GDPR:

If you need to understand how to comply with GDPR, you can consider enrolling in our free online training:

Here you can find all information about our EU GDPR Toolkit and the expert support: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
