MDTI-Legal used to manage Pure-Rep.eu, EU Representative (art 27 GDPR) for non-EU companies.
The EU Rep is a way to control the data controllers located in the EU, for the benefit of non EU companies. It is also a way to control the DPO of such EU Companies, for the benefit of the non-EU Company.
Contrary to what can be read here and there, the EU Rep has never been “just a mailbox”. Mailbox functions are executed by various software without the need for any EU Representative.
However, some clients wanted the EU Rep “to pay fines in advance” thanks to various insurance policies. This does not concern the EU Rep’s own negligence or liability, but a new mission that is not stated anywhere in the GDPR, and which contradicts both GDPR and international private laws and procedures.
This requirement from potential customers – to have someone pay their fine on their behalf – sounds like a suspect request drawing a possible intention to escape their obligations under GDPR thanks to the insurance brought by a thrid party, the EU Rep.
It transfers the burden of the recovery procedure freom the EU authorities to a private profesisonal which is the EU Rep.
Who would be fool enough to accept such request? Indeed, most insurance companies will not cover such risks, and the involved customers are well-known and subject to frequent procedures involving high financial amounts, meaning that the risk is likely to occur and not only once. As a consequence, EU Rep fees and the price of the insurance policy would be high, because the risk itself is high.