OUR EU REPRESENTATIVE SERVICES

We provide a full range of high-quality representation services

EDPO is based in Brussels, the capital of the EU and provides high-quality services as your EU Data Protection Representative.

EU Representation services in the entire EU/EEA

Data Subject Access Requests (DSARs)

Requests from Data Protection Authorities (DPAs)

EU Representation services in the entire EU/EEA

We act in your name and on your behalf in the entire EU/EEA for GDPR purposes. We are located in Brussels, the EU’s capital, and are therefore close to EU institutions, decision-makers and influencers. We are also present in Paris, London, Dublin, Berlin and Madrid to support you as closely as possible as your GDPR representative. Additional offices will open shortly in other EU countries. As confirmed by the Guidelines of the European Data Protection Board, your EU representative must only be established in one – and only one – of the Member States where the data subjects whose personal data your company processes are located. If your company processes personal data of individuals who are located in more than one EU country, then you can choose in which country to appoint your EU representative.

Data Subject Access Requests (DSARs)

We handle an unlimited number of DSARs across the entire EU/EEA. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, again, a free translation if needed), unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.

Requests from Data Protection Authorities (DPAs)

We handle an unlimited number of requests from DPAs in the EU/EEA. We understand that it can be quite daunting for companies to be contacted by DPA’s. That’s why our team handles such requests with great care and diligence (including free translation if needed).

Data Breach Notification Support

Compliance certificate

Top-level security storage of your Article 30 record of processing activities

Data Breach Notification Support

We assist and support you in the handling of an unlimited number of data breach notifications in the EU/EEA. Given that every data protection authority (DPA) has different requirements for data breach notifications (including filing in the country’s official language), the entire process can be very challenging – especially given the tight 72-hour deadline to notify a data breach to the DPAs. EDPO uses a unique data breach notification platform that consolidates all of the questions of all of the data breach notification forms in the entire EU/EA in English and then translates the answers back into the original language of the respective national EU/EEA countries. We can therefore give you a huge head start in your data breach notification filings by reducing the time and resources – and stress! – required to complete your data breach notifications.

IMPORTANT NOTICE IN CASE OF DATE BREACH:  Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.

Compliance Certificate

We provide you with a GDPR Article 27 Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.

Top-level security storage of your Article 30 register of processing activities

Your GDPR Article 30 record of processing activities is kept on a highly secure platform that is certified with the latest and most comprehensive in-depth security certification – ISO/IEC 27001:2013 – which covers its entire business, people, processes, procedures and platform. You don’t have an Article 30 record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you set one up.

Dedicated Client Support

Translation

Privacy Policy / Documentation wording

Dedicated Client Support

We answer your questions and keep you informed on GDPR matters that can impact your non-EU business. Our team of experts cover all aspects of the GDPR (legal, IT, security, risk management, governance, etc.).

Translation

We provide you with an free English translation of all requests from data subjects and data protection authorities as well as a free English-to-original language reply.

Privacy Policy/Documentation wording

We provide you with the wording that you have to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your EU representative, including EDPO’s contact details and logo.

Representation services in the entire EU/EEA

We act in your name and on your behalf in the entire EU/EEA for GDPR purposes. We are located in Brussels, the EU’s capital, and are therefore close to EU institutions, decision-makers and influencers. We are also present in Paris, London, Dublin, Berlin and Madrid to support you as closely as possible as your GDPR representative. Additional offices will open shortly in other EU countries. As confirmed by the Guidelines of the European Data Protection Board (ajouter lien), your EU representative must only be established in one – and only one – of the Member States where the data subjects whose personal data your company processes are located. If your company processes personal data of individuals who are located in more than one EU country, then you can choose in which country to appoint your EU representative.

Data Subject Access Requests (DSARs)

We handle an unlimited number of DSARs across the entire EU/EEA. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, again, a free translation if needed), unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.

Requests from Data Protection Authorities (DPAs)

We handle an unlimited number of requests from DPAs in the EU/EEA. We understand that it can be quite daunting for companies to be contacted by DPA’s. That’s why our team handles such requests with great care and diligence (including free translation if needed).

Data Breach Notification Support

We assist and support you in the handling of an unlimited number of data breach notifications in the EU/EEA. Whereas EU companies must only notify a data breach to their lead DPA in the EU/EEA (this is called the “one-stop-shop principle”), non-EU companies must notify the DPA’s in ALL Member States of the EU and the EEA (which means a total of 46 DPA’s because some Member States, like Germany, have more than just one DPA)  – unless EU personal data is only processed in specific EU/EEA countries, in which case the data breaches should only be notified to the DPA’s of those countries. The one-stop-shop principle does not apply to non-EU companies. Given that every DPA has different requirements for data breach notifications (including filing in the country’s official language), the entire process can be very challenging – especially given the tight 72-hour deadline.

IMPORTANT NOTICE IN CASE OF DATE BREACH:  Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.

Compliance certificate

We provide you with a GDPR Article 27 Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material.

Top-level security storage of your Article 30 record of processing activities

Your GDPR Article 30 record of processing activities is kept on a highly secure platform that is hosted in a data center that has the highest security levels Europe, guaranteed via international standards and certifications (including ISO 27001, ISO 20000, ISO 22301, PCI DSS, Tier IV Design & Constructed Facility, etc.). You don’t have an Article 30 record of processing activities? We’ll be more than happy to provide you with referrals of templates and/or experts who can help you set one up.

Dedicated Client Support

We answer your questions and keep you informed on GDPR matters that can impact your non-EU business. Our team of experts cover all aspects of the GDPR (legal, IT, security, risk management, governance, etc.).

Translation

We provide you with an English translation of all requests from data subjects and data protection authorities as well as a free English-to-original language reply.

Privacy Policy/Documentation wording

We provide you with the wording that you have to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your EU representative, including EDPO’s contact details and logo.

What should you look for in an EU Data Protection Representative ?

European Data Protection Office

EDPO • Avenue Huart Hamoir 71, 1030 Brussels • Belgium

  VAT : BE0689.629.220 • E-mail : info@edpo.com