Companies outside the EU may have data protection compliance obligations under the GDPR

Much focus has centred on the impact of the GDPR on data transfers involving processors and controllers in the EU. The increased territorial scope of the GDPR means that even businesses based outside the EU will need to ensure they take steps to comply with the GDPR, including in some cases appointing an EU representative.

The following are the key considerations arising under the GDPR for non-EU businesses:

Which non-EU businesses are caught under the GDPR?

The GDPR applies to non-EU entities that are controllers and processors processing personal data of individuals who are in the EU, if the processing activities relate to:

  • the offering of goods or services to data subjects in the EU (irrespective of whether the goods/services are offered for a fee or for free), or
  • the monitoring of the behaviour of the data subjects, as long as their behaviour takes place in the EU.

What fines apply under the GDPR?

The GDPR adopts a tiered approach to fines; however, Data Protection Authorities can impose fines for certain infringements of up to the higher of 4% of annual global turnover or EUR 20 million.

What does the obligation to appoint an EU representative entail and who does it apply to?

Non-EU resident controllers and processors that are obliged to comply with the GDPR must appoint representatives within the EU to act as a point of contact for the EU personal data subjects and regulators on all issues relating to processing, for the purposes of compliance with the GDPR. Certain types of processing are exempt, including where processing is carried out by a public authority or body.

The EU representative must be established in one of the EU member states where the affected data subjects are located.

What obligations do non-EU businesses have in relation to international transfers of data?

The GDPR expands the list of appropriate safeguards which allow a controller or processor to implement international transfers of data (for example, the GDPR recognises binding corporate rules and sets out conditions related to international transfers of data).

In light of the increased penalties and the reputational damage attaching to non-compliance in the area of data protection, a multinational company may wish to audit its existing intra-group data transfer arrangements or consider developing binding corporate rules to align more closely with the GDPR.

What are key dates and steps that non-EU businesses should take into account in light of the GDPR?

The GDPR has come into force and is applicable from 25 May 2018.  By this date all non-EU businesses will have to determine:

  • Whether they fall within the scope of the GDPR
  • Whether any operational and/or technical measures will have to be implemented in the business in order to comply with the GDPR
  • Whether their cross-border/intra-group personal data transfers are compliant with the GDPR or whether they might wish to adopt binding corporate rules
  • Whether there are any local data protection rules that the business will need to take into account
  • Whether an EU representative needs to be appointed and necessary notifications made

The GDPR is a complex area of legal compliance which has ramifications for all companies with activity in the EU, regardless of whether their headquarters or the majority of their operations are based within the EU or elsewhere.

The GDPR is wider in scope than its predecessor and data controllers and processors, including non-EU businesses caught by the GDPR, must have undertaken self-assessments, audits, compliance paper trails and the like to ensure compliance by 25 May 2018.

GDPR Representation in the EU

Our firm provides representation services in the EU for non-EU controllers and processors. Our extensive GDPR expertise, our regulated law firm status and our top tier rankings in EU law have made Antoniou McCollum & Co. the primary choice for non-EU businesses in need of a GDPR representative in the EU.

Contact us to establish whether your operations require the appointment of a representative under the GDPR or enquire about our GDPR representation services.