Designation of an EU Representative
According to the European General Data Protection Regulation (GDPR) your company is obliged to appoint a representative in the European Union (EU) as contact for all questions on data protection from EU citizens and data protection supervisory authorities if both of the following conditions are
1. Your company is not established in the EU
This is the case if
- you do not have an office in an EU member state,
- you do not have a subsidiary in an EU member state, and
- you do not have any other kind of establishment in an EU member state.
2. Your company processes the data of people located in the EU
Your company processes the data of persons in the Union either in connection with the supply of goods or services (a) or to monitor the behaviour of these persons (b).
a) Offering Services or Products to Data Subjects in the EU
This is typically the case if you
- sell goods via an online shop,
- provide an online service or app
- deliver goods to customers in EU member states
- use EU website domains, such as .de, .fr, .es or .eu
- use languages (on your website) or accept currencies of at least one EU member state (e.g. US company accepts Euro, Chinese company with German website)
- use specific product branding for the EU market
- run marketing campaigns aiming at the EU market (e.g. landing pages for EU visitors, competition, raffle), or
- provide specific contact details for EU customers.
b) Monitoring the Behaviour of People in the EU
The GDPR also covers the processing of data for the purpose of monitoring the behaviour of individuals in the EU. This is typically the case if your company
- tracks website visitors from the EU by using cookies or device fingerprinting,
- collects location or behavioral data (e.g. through websites, mobile apps or market surveys), or
- offers fitness tracking, personalised diet and health analytics services online.