We are based in Australia, have no physical or legal presence in the EU. However, about 10% of our business is there. Thus we are becoming compliant.
Reading the legislation and commentaries on it, it's rather ambiguous on how we should choose a supervisory authority. The best I can tell, the answer is to simply pick a country and go with it. UK and Germany are our biggest markets, but given the language barrier, UK is a better choice. But they seem like chaos there with Brexit.
Your document talks about appointing a representative in EU, I've not heard this advice anywhere else.
So the question is:
• Do we definitely need to register with a supervisory authority?
• If so, does it matter which one?
There is a limited exemption to the obligation to appoint a representative where the processing is occasional, is unlikely to be a risk to individuals and does not involve large scale processing of sensitive personal data. So you should first check if this derogation applies to you. If not, then you heed to have a representative in the Union.
You are not requires by the EU GDPR to register that representative with the supervisory authority but this may be a subject to local requirements so you should check those.
We are based in Australia and are setting up an (Art 27) Representative office service and a DPO service based out of the UK for Australian businesses to use. Happy to answer questions. Mike Pym. Gordian 02 8075 3805. You must choose a rep service in one of the countries where your relevant data subjects are located, but that rep service can be used for all of EU Member States data subjects. The rep services is different to a DPO, and you will need both in this case . Brexit will make a difference, but what difference only time will tell! Hope that helps.