Guest user Created: Feb 18, 2019 Last commented: Feb 18, 2019

Supervisory authority and extra-territorial provisions

Let's imagine that there is a company outside of EU, who offers products and services for EU customers. Of course, this company needs to comply with GDPR. But what happens if this company decides not to comply with GDPR? How can Supervisor Authorities act in this context?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Feb 18, 2019

Answer:

Where the extra-territorial provisions of the EU GDPR apply, the controller or the processor must appoint a representative. That representative must be based in a Member State in which the relevant individuals are based. There is a limited exemption to the obligation to appoint a representative where the processing is occasional, is unlikely to be a risk to individuals and does not involve large scale processing of sensitive personal data.
So, there is this obligation to have a representative in the EU and the representative will have to face the relevant supervisory authorities and accept liability for breach of the Regulation, which could now be substantial.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 18, 2019

Expert Advice Community