CYBERLEGIS.legal accepts all common cryptocurrencies for payment.
All legal staff at CYBERLEGIS is fluent in English and will integrate seamlessly into corporate communication streams. In 2017 Robert Niedermeier started to focus on Digital Marketing in the European Union. CYBERLEGIS will provide profound advise on any legal, organisational and strategical topic in the field of Data Protection, Data security and GDPR. CYBERLEGIS.legal is the chancellering law firm to Data Business Services GmbH & Co. KG a company providing external Data Protection Officers to businesses all over Europe.
With 30 Years of Expertise in Data Protection and Data Security
With headquarters in Munich Downtown, Germany, RAe Niedermeier is an European Lawfirm GmBH specializing in EU representative Services under Art 27 GDPR. The goal of CPL is to help its client companies comply with European privacy laws and to support clients with best practice knowledge originating from daily work on Art 27 GDPR topics. Please kindly read the following paragraphs for a better understanding of the said services.
An EU Representative is an EU-based designee of a non-EU establishment (Data Controller or Data Processor) that is subject to the General Data Protection Regulation (GDPR) of the EU. A natural (individual) or moral (corporation) person can play the role of an EU Representative. The EU Representative is the Controller’s or Processor’s contact person vis-à-vis European privacy supervisors and data subjects in all matters relating to data processing, to ensure compliance with this GDPR. See Art. 27(4)GDPR. The purpose of such representation is to enable the European data protection supervisory authorities to ensure compliance with the GDPR, by being able to control or supervise the activities of the non-EU establishments that are subject to the GDPR, through their respective representatives in the EU.
An EU Representative is an EU-based designee of a non-EU establishment (Data Controller or Data Processor) that is subject to the General Data Protection Regulation (GDPR) of the EU. A natural (individual) or moral (corporation) person can play the role of an EU Representative. The EU Representative is the Controller’s or Processor’s contact person vis-à-vis European privacy supervisors and data subjects in all matters relating to data processing, to ensure compliance with this GDPR. See Art. 27(4)GDPR. The purpose of such representation is to enable the European data protection supervisory authorities to ensure compliance with the GDPR, by being able to control or supervise the activities of the non-EU establishments that are subject to the GDPR, through their respective representatives in the EU.
It is worth stating that all establishments in the EU are subject to the GDPR, irrespective of whether the establishment is the company’s head office or just a simple branch or a representation, and irrespective of where the processing takes place. However, a non-EU establishment shall be subject to the GDPR if it regularly undertakes one of the following activities: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to data subjects in the EU; and/or (b) the monitoring of the behavior of data subjects in the EU, as far as their behavior takes place within the EU (see Art. 3(2) GDPR). This provision concerns any company that offers goods or services online to EU customers or uses cookies or similar technologies to track EU data subjects. Such establishments must comply with the GDPR, and thus obliged to designate an EU Representative.
However, a non-EU establishment is exempted from designating an EU Representative when the processing is only occasional and does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) GDPR or processing of personal data relating to criminal convictions and offences referred to in Article 10 GDPR, and such processing is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing. Non-EU public authorities and bodies are equally exempted. See Art. 27(2) GDPR.
As earlier mentioned, for a non-EU establishment to be exempted from the EU representation obligation, the company must either be a public body, or has at least a branch or a “representation” in the EU. So a European affiliate of a non-EU establishment is not a branch of the latter, and as such the non-EU establishment remains obliged to designate an EU Representative. The non-EU establishment may choose to designate its EU affiliate as its Representative. However, this type of representation has some shortcomings. Firstly, the object of the EU affiliate may not be data protection, so it would be of little help to the non-EU affiliate. Secondly, EU Representation and the associated data protection activities may not fall within the scope of the company’s insured activities. Thirdly and lastly, giving advice and monitoring the activities of the non-EU company as well as cooperating with the European regulators on the latter’s behalf, may not fall within the scope of activities of the DPO of the European affiliate. Moreover, this may rather seem to be over-demanding, especially if the DPO is a natural person.
It is worth noting that the GDPR, in force since 25 May 2018, is known for being the most rigorous privacy law on earth at the moment, particularly due to its heavy fines and its extraterritorial character. If a foreign company that is subject to the GDPR refuses to designate an EU Representative as required, then the former is infringing the GDPR and runs the risk of being imposed an administrative fine of up to ten million Euros (10 000 000 EUR) or up to 2 percent of a company’s total worldwide annual turnover of the preceding financial year, whichever is higher. Ignorance of the GDPR would not be an excuse, and the intentional or negligent (willful blindness) character of the infringement (failure to designate an EU Representative) may rather constitute aggravating factors. See Art. 83(1),(2)&(4a) GDPR. It is for these very reasons that most foreign companies are in a haste to designate their respective EU Representatives, and CPL is here to help you have one.
The designation procedure quite is simple. If you would like to start by
contacting the management of CPL, then kindly send an email to:
Mobile: +49 171 2440099
Generally, you would receive a reply within 24 hours.
We have standard document designating one of our expert Lawyers as your EU Representative. In this regard, you would receive a draft designation document, which you would print, sign, and send by post, in accordance with Art. 27(1) GDPR.
The Security of EU Network & Information Systems Regulations (NIS Regulations; NISD - NIS Directive Implementation Act; NISG – Netz- und Informationssystemsicherheitsgesetz) called NIS Directive in the following - provide legal measures to boost the level of security (both cyber & physical resilience) of network and information systems for the provision of essential services and digital services.
The NIS Directive not only applies to EU-based companies but also to DSPs without an establishment in the EU if they offer their services there. These companies also have to designate an EU Representative.
(Further information: EU REP_Cyberlegis_Flyer_2021)
Download
(Further information: UK REP_Cyberlegis_Flyer_2021)
(Further information: NIS REP_Cyberlegis_Flyer_2021)
(Further information: Cyberlegis_Flyer_2021)
(Further information: NetzDG REP_CYBERLEGIS_Flyer_2022)
(Further information: HinSchG_Whistleblower System_Cyberlegis_Flyer_2023)
Cyberlegis provides all types of Trustee and Escrow services for IT and non IT Sector.
In case of such services the T&C you can download here apply.
Digital Services Act Coverage, Article 13
Download here: