SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Supervisory authority

  Quote
Guest
Guest user Created:   Apr 12, 2018 Last commented:   Apr 18, 2018

Supervisory authority

I'm going through the personal data protection policy. There's a section on supervisory authority.
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Apr 12, 2018
We are based in Australia, have no physical or legal presence in the EU. However, about 10% of our business is there. Thus we are becoming compliant.
Reading the legislation and commentaries on it, it's rather ambiguous on how we should choose a supervisory authority. The best I can tell, the answer is to simply pick a country and go with it. UK and Germany are our biggest markets, but given the language barrier, UK is a better choice. But they seem like chaos there with Brexit.
Your document talks about appointing a representative in EU, I've not heard this advice anywhere else.
So the question is:
• Do we definitely need to register with a supervisory authority?
• If so, does it matter which one?

Answer:

Article 27 – “Representatives of controllers or processors not established in the Union” https://advisera.com/eugdpracademy/gdpr/representatives-of-controllers-or-processors-not-established-in-the-union/ of the EU GDRPR requires controllers and processor that are not established in the Union but are processing data of individual in the Union to appoint a representative.

There is a limited exemption to the obligation to appoint a representative where the processing is occasional, is unlikely to be a risk to individuals and does not involve large scale processing of sensitive personal data. So you should first check if this derogation applies to you. If not, then you heed to have a representative in the Union.

You are not requires by the EU GDPR to register that representative with the supervisory authority but this may be a subject to local requirements so you should check those.
Quote
0 0
Guest
mikepym Apr 18, 2018
We are based in Australia and are setting up an (Art 27) Representative office service and a DPO service based out of the UK for Australian businesses to use. Happy to answer questions. Mike Pym. Gordian 02 8075 3805. You must choose a rep service in one of the countries where your relevant data subjects are located, but that rep service can be used for all of EU Member States data subjects. The rep services is different to a DPO, and you will need both in this case . Brexit will make a difference, but what difference only time will tell! Hope that helps.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 12, 2018

Apr 18, 2018