OUR EU REPRESENTATIVE SERVICES

We provide a full range of high-quality representation services

We are passionate about client service, really passionate. We strive to understand your operations, needs and expectations in order to provide you with personalized services.

EU Representation services in the entire EU/EEA

Data Subject Access Requests (DSARs)

Requests from Data Protection Authorities (DPAs)

EU Representation services in the entire EU/EEA

We act in your name and on your behalf in the entire EU/EEA for GDPR purposes. We are located in Brussels, the EU’s capital, and are therefore close to EU institutions, decision-makers and influencers. We also have offices in Paris, Dublin, Berlin and Madrid* to support you as closely as possible as your GDPR representative. As confirmed by the Guidelines of the European Data Protection Board, your EU representative must only be established in one – and only one – of the EU/EEA countries where the data subjects whose personal data your company processes are located. If your company processes personal data of individuals who are located in more than one EU country, then you can choose in which country to appoint your EU representative.

*Are you looking for another location? We have a solution! Contact us for more information.

Data Subject Access Requests (DSARs)

We handle an unlimited number of DSARs across the entire EU/EEA. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, again, a free translation if needed), unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.

Requests from Data Protection Authorities (DPAs)

We handle an unlimited number of requests from DPAs in the EU/EEA. We understand that it can be quite daunting for companies to be contacted by DPA’s. That’s why our team handles such requests with great care and diligence (including free translation if needed).

Data Breach Notification Support

Compliance certificate

Top-level security storage of your Article 30 record of processing activities

Data Breach Notification Support

We assist and support you in the handling of an unlimited number of data breach notifications in the EU/EEA. Given that every data protection authority (DPA) has different requirements for data breach notifications (including filing in the country’s official language), the entire process can be very challenging – especially given the tight 72-hour deadline to notify a data breach to the DPAs. EDPO uses a unique and innovative digital data breach notification platform that consolidates all of the questions of all of the data breach notification forms in the entire EU/EEA in English and then translates the answers back into the original language of the respective national EU/EEA countries. We can therefore give you a huge head start in your data breach notification filings by reducing the time and resources – and stress! – required to complete your data breach notifications.

IMPORTANT NOTICE IN CASE OF DATE BREACH:  Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.

Compliance Certificate

We provide you with a GDPR Article 27 Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.

Top-level security storage of your Article 30 register of processing activities

Your GDPR Article 30 record of processing activities is kept on a highly secure platform that is certified with the latest and most comprehensive in-depth security certification – ISO/IEC 27001:2013 – which covers its entire business, people, processes, procedures and platform. You don’t have an Article 30 record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you set one up.

Dedicated Client Support

Translation

Privacy Policy / Documentation wording

Dedicated Client Support

We answer your questions and keep you informed on GDPR matters that can impact your non-EU business. Our team covers all aspects of the GDPR (legal, IT, security, risk management, governance, etc.) and our experts are at your disposal to assist you even beyond local office hours and taking into account your international time zone. 

Translation

We provide you with a free English translation of all requests from data subjects and data protection authorities as well as a free English-to-original language reply. We also provide you with access to our digital data breach notification platform which includes an English translation of the data breach notifications forms of the relevant Data Protection Authorities in the EU/EEA. 

Privacy Policy/Documentation wording

We provide you with the wording that you have to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your EU representative, including EDPO’s contact details and logo.

Representation services in the entire EU/EEA

We act in your name and on your behalf in the entire EU/EEA for GDPR purposes. We are located in Brussels, the EU’s capital, and are therefore close to EU institutions, decision-makers and influencers. We are also present in Paris, London, Dublin, Berlin and Madrid to support you as closely as possible as your GDPR representative. Additional offices will open shortly in other EU countries. As confirmed by the Guidelines of the European Data Protection Board (ajouter lien), your EU representative must only be established in one – and only one – of the Member States where the data subjects whose personal data your company processes are located. If your company processes personal data of individuals who are located in more than one EU country, then you can choose in which country to appoint your EU representative.

Data Subject Access Requests (DSARs)

We handle an unlimited number of DSARs across the entire EU/EEA. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, again, a free translation if needed), unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.

Requests from Data Protection Authorities (DPAs)

We handle an unlimited number of requests from DPAs in the EU/EEA. We understand that it can be quite daunting for companies to be contacted by DPA’s. That’s why our team handles such requests with great care and diligence (including free translation if needed).

Data Breach Notification Support

We assist and support you in the handling of an unlimited number of data breach notifications in the EU/EEA. Whereas EU companies must only notify a data breach to their lead DPA in the EU/EEA (this is called the “one-stop-shop principle”), non-EU companies must notify the DPA’s in ALL Member States of the EU and the EEA (which means a total of 46 DPA’s because some Member States, like Germany, have more than just one DPA)  – unless EU personal data is only processed in specific EU/EEA countries, in which case the data breaches should only be notified to the DPA’s of those countries. The one-stop-shop principle does not apply to non-EU companies. Given that every DPA has different requirements for data breach notifications (including filing in the country’s official language), the entire process can be very challenging – especially given the tight 72-hour deadline.

IMPORTANT NOTICE IN CASE OF DATE BREACH:  Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.

Compliance certificate

We provide you with a GDPR Article 27 Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.

Top-level security storage of your Article 30 record of processing activities

Your GDPR Article 30 record of processing activities is kept on a highly secure platform that is hosted in a data center that has the highest security levels Europe, guaranteed via international standards and certifications (including ISO 27001, ISO 20000, ISO 22301, PCI DSS, Tier IV Design & Constructed Facility, etc.). You don’t have an Article 30 record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you set one up.

Dedicated Client Support

We answer your questions and keep you informed on GDPR matters that can impact your non-EU business. Our team of experts cover all aspects of the GDPR (legal, IT, security, risk management, governance, etc.).

Translation

We provide you with an English translation of all requests from data subjects and data protection authorities as well as a free English-to-original language reply.

Privacy Policy/Documentation wording

We provide you with the wording that you have to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your EU representative, including EDPO’s contact details and logo.

What should you look for in an EU Data Protection Representative ?

 

Find below our checklist for the appointment of your EU & UK Data Protection Representative

edpo logo What services are included? Are there any extra (hidden) costs?

edpo logo Does the Data Protection Representative simply forward the requests from the data subjects and Data Protection Authorities, or is there an actual handling of such requests?

edpo logo What languages are covered? Is translation included in the fees?

edpo logo Who is the team? What are their qualifications and experience?

edpo logo Does the Data Protection Representative provide data breach notification support?

edpo logo Do they provide a secure Art. 27 Compliance Certificate?

edpo logo Does the Data Protection Representative’s contract terminate automatically in case of a data breach?

edpo logo Are they conflicted by also being a DPO?

edpo logo How responsive are they?

edpo logo How and where do they keep a copy of your register of processing activities? How secure is their platform?

edpo logo How many offices does the Data Protection Representative have and where are they located?

edpo logo Was the Data Protection Representative’s information security system audited?

edpo logo Does the Data Protection Representative have adequate insurance to cover their liability risk?