Controller Representative or Foreign Processor
The appointment of a representative on EU territory [Recital (80) and art. 27] is prescribed for the company
• Controller or Processor
• which does not have an establishment in the EU territory
• which deals with the personal data of data subjects who are in the Union
• whose processing activities are related to the provision of goods or the provision of services to data subjects in the Union or the monitoring of their behavior within the Union
Obligation is excluded if
• the processing is occasional,
• does not include “sensitive” or “judicial” large-scale processing and is unlikely to present a risk to the rights and freedoms of data subjects, taking into account the nature, context, scope, and purpose of the processing
• the data controller is a public authority or public body.
The representative may be both an individual and a company, it is designated by a written mandate, and acts on behalf of the Controller or the Processor with respect to the obligations that derive from the regulation.
The designation of the representative does not affect the general liability of the Controller or Processor under the Regulation.