Do you all have a group that would serve as a European Representative for a US company doing business in Europe as a GDPR Data Processor?
Also, with the news on Friday that the US and EU have agreed to allowing data to be stored on US soil, does that mean that European patient data can be hosted on AWS platforms in USA, not needing an AWS platform in EU?
If you need to have an EU - Representative per Article 27 GDPR - Representatives of controllers or processors not established in the Union – you must choose a company that will represent your commercial interests and that is ready to take the responsibility for such an important task. This is why usually companies appoint wholly-owned EU subsidiaries or consultancy companies with which they sign a services contract detailing all the responsibilities and clear accountabilities for each party. We have such a template for an Agreement for the Appointment of an EU Representative, part of our EU GDPR Toolkit.
Regarding the recent announcement of the Trans-Atlantic Data Privacy Framework, it is not a final agreement, it is only an announcement for a future legal agreement. No legal details have been shared, moreover, it is clearly stated that “The teams of the U.S. government and the European Commission will now continue their cooperation with a view to translating this arrangement into legal documents that will need to be adopted on both sides to put in place this new Trans-Atlantic Data Privacy Framework”.