WE SUPPORT YOU IN THE IMPLEMENTATION OF THE GDPR SPECIFICATIONS
Do you need an EU representative under the GDPR?
Controllers or data processers who are not established in the EU are required to have an EU representative:
If you answered “yes” to any of these questions, according to the General Data Protection Regulation (GDPR) you are required to have an EU representative.
Representation in accordance with the GDPR in Germany
Once appointed as an EU representative, we are the central contact point for inquiries from the German supervisory authorities regarding your company's compliance with the GDPR.
As your EU representative we are your contact for inquiries and complaints as data subjects in connection with the processing of personal data by your company.
We will be in close contact with the data protection controllers of your company and will implement the GDPR requirements together in accordance with the law.
On request, we help our non-European companies with our multilingual Robin Data Software to efficiently and pragmatically meet the requirements of the GDPR.
The data of European Union citizens are internationally subject to the European General Data Protection Regulation. Since the European Union is an important economic region in the world, many companies outside of the EU do business within EU. In this context these companies process the personal data of EU citizens. The processing is carried out worldwide according to the so-called "Marketplace principle".
Article 3 paragraph 2 GDPR and Recital 23 thereof specifically stipulate that the personal data of EU citizens processed outside the EU must be protected in accordance with the rules of the GDPR. This means that non-European companies that process data of EU citizens outside of the EU must also comply with and implement the GDPR.
Robin Data provides representation in Germany for non-European companies in accordance to Article 27 GDPR.
Above all, the GDPR improves the rights of data subjects regarding transparency on the processing and deletion of personal data. Furthermore, the GDPR requires that the security of the processing be state-of-the-art and in accordance with Article 32 GDPR.
Data subjects must have the option to voice concerns and complaints about data protection to a specific contact point. The GDPR stipulates that data subjects may assert their rights in regard to companies, including those outside the EU, either directly or through the appropriate supervisory authorities.
For this reason, Article 27 paragraph 1 GDPR states that non-European companies that process the data of EU citizens must appoint an EU representative to act as a central contact for data subjects and supervisory authorities.
Non-European companies which process the personal data of EU citizens
The cosmetic surgery industry is flourishing in Turkey. Due to the attractive costs, Turkish medical practices are often frequented by customers from the EU. For these customers, the respective practices are required to implement the GDPR. Regardless, it makes sense to protect sensitive medical data as effectively as possible. The implementation of the worldwide “gold standard” for data protection, the GDPR, is a clear competitive advantage.
SaaS products from the USA such as computer games and professional business software are popular in the EU. As early as during the trial registration for SaaS products, personal data is collected by the provider and processed in accordance with Article 4 paragraph 2 GDPR. The GDPR also applies to this data even if the server is located in the USA. The provider must implement the GDPR.