MDTI-Legal used to manage Pure-Rep.eu, EU Representative (art 27 GDPR) for non-EU companies.
Contrary to what can be read here and there, the EU Rep has never been “just a mailbox”. Nowadays, mailbox functions are executed by various software without the need for any EU Representative. Users are able to manage most of their data rights by themselves, and in this respect, an EU Rep is not necessary.
Additionally, having an EU Rep “just to have an EU Rep” does not give the client any right or certification of any kind. This would be simple “make-up” with no substance, and bears the risk of fraudulent behavior by making data subjects believe that the company is compliant “just because it has an EU Rep”. This is not the purpose of the GDPR.
By analyzing both the GDPR and the various decisions rendered by the European Board for Data Protection, the EU Rep should be understood as a way to control the data controllers located in the EU, for the benefit of non-EU companies. It is also a way to control the DPO and/or data practice of such EU Companies, for the benefit of the non-EU Company. It is a protection available to the distant non-EU Company.
However, some clients wanted the EU Rep “to pay fines in advance” thanks to various insurance policies. This does not concern the EU Rep’s own negligence or liability, but a new mission that is not stated anywhere in the GDPR, and which contradicts both the GDPR and international private law and procedures. It transfers the burden of the financial recovery procedure from the EU authorities to a private professional, the EU Rep, and looks like a way to resist the GDPR rather than a way to comply with it.
Most insurance companies will not cover such risks, especially because clients with such requests are well-known and subject to frequent procedures resulting in high fines, meaning that the risk is very likely to occur, and not only once.
It is sound to conclude that accepting such a mission would be dumb and foolish.
Amongst several elements, this is the main reason why MDTI-Legal is not taking any new mission as EU Rep.
We still provide advice on GDPR-compliant solutions for CRM and cybersecurity, as well as advice on process improvements to gather consent or claims from your data subjects, with an emphasis on the image of your company as reflected by the said processes.