OUR SERVICES
We provide a full range of high-quality representation services
Representation services in the entire EU/EEA
Data Subject Access Requests (DSARs)
Requests from Data Protection Authorities (DPAs)
Representation services in the entire EU/EEA
We act in your name and on your behalf in the entire EU/EEA for GDPR purposes. We are located in Brussels, the EU’s capital, and are therefore close to EU institutions, decision-makers and influencers. We are also present in Paris, London, Dublin, Berlin and Madrid to support you as closely as possible as your GDPR representative. Additional offices will open shortly in other EU countries. As confirmed by the Guidelines of the European Data Protection Board, your EU representative must only be established in one – and only one – of the Member States where the data subjects whose personal data your company processes are located. If your company processes personal data of individuals who are located in more than one EU country, then you can choose in which country to appoint your EU representative.
Data Subject Access Requests (DSARs)
We handle an unlimited number of DSARs across the entire EU/EEA. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, again, a free translation if needed), unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.
Requests from Data Protection Authorities (DPAs)
We handle an unlimited number of requests from DPAs in the EU/EEA. We understand that it can be quite daunting for companies to be contacted by DPA’s. That’s why our team handles such requests with great care and diligence (including free translation if needed).
Data Breach Notification Support
Compliance certificate
Top-level security storage of your Article 30 register of processing activities
Data Breach Notification Support
We assist and support you in the handling of an unlimited number of data breach notifications in the EU/EEA. Whereas EU companies must only notify a data breach to their lead DPA in the EU/EEA (this is called the “one-stop-shop principle”), non-EU companies must notify the DPA’s in ALL Member States of the EU and the EEA (which means a total of 46 DPA’s because some Member States, like Germany, have more than just one DPA) – unless EU personal data is only processed in specific EU/EEA countries, in which case the data breaches should only be notified to the DPA’s of those countries. The one-stop-shop principle does not apply to non-EU companies. Given that every DPA has different requirements for data breach notifications (including filing in the country’s official language), the entire process can be very challenging – especially given the tight 72-hour deadline.
IMPORTANT NOTICE IN CASE OF DATE BREACH: Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.
Compliance Certificate
We provide you with a GDPR Article 27 Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.
Top-level security storage of your Article 30 register of processing activities
Your GDPR Article 30 record of processing activities is kept on a highly secure platform that is hosted in a data center that has the highest security levels Europe, guaranteed via international standards and certifications (including ISO 27001, ISO 20000, ISO 22301, PCI DSS, Tier IV Design & Constructed Facility, etc.). You don’t have an Article 30 record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you set one up.
Dedicated Client Support
Translation
Privacy Policy / Documentation wording
Dedicated Client Support
We answer your questions and keep you informed on GDPR matters that can impact your non-EU business. Our team of experts cover all aspects of the GDPR (legal, IT, security, risk management, governance, etc.).
Translation
We provide you with an free English translation of all requests from data subjects and data protection authorities as well as a free English-to-original language reply.
Privacy Policy/Documentation wording
We provide you with the wording that you have to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your EU representative, including EDPO’s contact details and logo.
Representation services in the entire EU/EEA
We act in your name and on your behalf in the entire EU/EEA for GDPR purposes. We are located in Brussels, the EU’s capital, and are therefore close to EU institutions, decision-makers and influencers. We are also present in Paris, London, Dublin, Berlin and Madrid to support you as closely as possible as your GDPR representative. Additional offices will open shortly in other EU countries. As confirmed by the Guidelines of the European Data Protection Board (ajouter lien), your EU representative must only be established in one – and only one – of the Member States where the data subjects whose personal data your company processes are located. If your company processes personal data of individuals who are located in more than one EU country, then you can choose in which country to appoint your EU representative.
Data Subject Access Requests (DSARs)
We handle an unlimited number of DSARs across the entire EU/EEA. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, again, a free translation if needed), unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.
Requests from Data Protection Authorities (DPAs)
We handle an unlimited number of requests from DPAs in the EU/EEA. We understand that it can be quite daunting for companies to be contacted by DPA’s. That’s why our team handles such requests with great care and diligence (including free translation if needed).
Data Breach Notification Support
We assist and support you in the handling of an unlimited number of data breach notifications in the EU/EEA. Whereas EU companies must only notify a data breach to their lead DPA in the EU/EEA (this is called the “one-stop-shop principle”), non-EU companies must notify the DPA’s in ALL Member States of the EU and the EEA (which means a total of 46 DPA’s because some Member States, like Germany, have more than just one DPA) – unless EU personal data is only processed in specific EU/EEA countries, in which case the data breaches should only be notified to the DPA’s of those countries. The one-stop-shop principle does not apply to non-EU companies. Given that every DPA has different requirements for data breach notifications (including filing in the country’s official language), the entire process can be very challenging – especially given the tight 72-hour deadline.
IMPORTANT NOTICE IN CASE OF DATE BREACH: Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.
Compliance certificate
We provide you with a GDPR Article 27 Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.
Top-level security storage of your Article 30 register of processing activities
Your GDPR Article 30 record of processing activities is kept on a highly secure platform that is hosted in a data center that has the highest security levels Europe, guaranteed via international standards and certifications (including ISO 27001, ISO 20000, ISO 22301, PCI DSS, Tier IV Design & Constructed Facility, etc.). You don’t have an Article 30 record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you set one up.
Dedicated Client Support
We answer your questions and keep you informed on GDPR matters that can impact your non-EU business. Our team of experts cover all aspects of the GDPR (legal, IT, security, risk management, governance, etc.).
Translation
We provide you with an English translation of all requests from data subjects and data protection authorities as well as a free English-to-original language reply.
Privacy Policy/Documentation wording
We provide you with the wording that you have to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your EU representative, including EDPO’s contact details and logo.
What should you look for in an EU representative ?
European Data Protection Office
EDPO • Avenue Huart Hamoir 71, 1030 Brussels • Belgium
VAT : BE0689.629.220 • E-mail : info@edpo.com