Who Should Designate a Representative?
In the case where a data controller established outside of the European Union makes use of equipment for the processing of data, automated or otherwise, situated on the territory of the said Member State, the controller must designate a Representative established within the territory of the said Member State.
Why Do I Need a Representative?
The Representative is the point of contact and reference point for all types of requests made by European authorities and by data subjects.
The data controller may choose to delegate to the Representative the obligation to inform data subjects to their representative established within the European Union.
The data controller may also decide to delegate to the Representative the obligation to notify supervisory authorities of their data processing (CNIL notifications, authorization requests).
Role and Duties of the Representative within the General Data Protection Regulation
With the adoption of the European Regulation on data protection, the Representative’s role is being reinforced:
- The data processors will also have the obligation to designate a Representative;
- The Representative shall be empowered to act on behalf of the data controller or the data processor. Supervisory authorities and data subjects shall consult the Representative either with or in lieu of the data controller/processor for any question regarding data processing.
- The accountability will not be transferred to the representative (ex: in case of violations of personal data linked to the data processing).
- However, according to Recital 63 of the Regulation, the Representative “should be subjected to enforcement actions in case of non-compliance by the controller”.
- The Representative also has the obligation to cooperate with supervisory authorities.
CIL CONSULTING by TNP is YOUR Representative in France.