FAQ


DSA - Frequently Asked Questions (FAQs)

The Digital Services Act (DSA) is a European Union (EU) regulation that establishes new rules for digital services acting as intermediaries connecting consumers with goods, services and content within the EU. It applies uniformly across all EU member states to both EU-based companies and non-EU companies that offer digital services in the EU.

The DSA applies to a wide range of providers of digital “intermediary services” if their services are offered to users based or located in the EU, including:

  • Internet service providers
  • Providers of cloud computing or web hosting services
  • Providers of web-based messaging services and email services
  • Online marketplaces
  • Social media networks
  • Content-sharing platforms
  • App stores
  • Online search engines
  • Online travel and accommodation platforms

Under the DSA, the concept of “offering” services is interpreted broadly. It applies not only to large online platforms but also to smaller intermediary services. This means that any digital service provider, regardless of size, that offers services to users within the EU must comply with the requirements of the DSA.

If your company provides any of the above services and is based outside the EU, you must appoint an EU legal representative under Article 13 of the DSA.

If your company provides digital services within the EU but is not based there, the DSA requires you to appoint a legal representative. This is a legal requirement and is not based on your assessment of the necessity; it is mandatory for compliance with the DSA. 

Having a legal representative ensures that you meet all regulatory obligations, helps facilitate communication with EU authorities, and protects your company from potential fines and penalties for non-compliance.

A DSA representative acts as a contact point between your business and EU regulatory authorities as well as users. Kanto, as your DSA representative:

  • Serves as the recipient of any legal or regulatory communications on behalf of the company.
  • Receives inquiries from authorities addressed to your business and facilitates communication with your business.
  • Assists with compliance with decisions made by these authorities. 
  • Facilitates cooperation with EU authorities during investigations or audits regarding digital services provided.
 

Legal representatives can also be held liable for non-compliance with the DSA, in addition to any liability faced by the company itself.

If you fail to appoint a DSA representative, your business can face significant fines and penalties:

  • Fines of up to 6% of the company’s annual worldwide turnover for the previous financial year
  • Daily penalties of up to 5% of the company’s worldwide turnover for continuous breaches
  • Fines of up to 1% of annual income or global turnover for providing incorrect or incomplete information, failing to respond to authorities, or refusing inspections

Additionally, non-compliance can lead to reputational damage and loss of market access within the EU.

Your DSA representative must be based in the EU. As an EU-based company, Kanto possesses the necessary knowledge and experience to serve as your DSA representative.

Yes, you are required to make the details of your DSA representative public. This information must be included in your terms and conditions, website and other relevant communications with users. The purpose is to ensure that authorities can easily contact your representative regarding any DSA issues.

Yes, you are obliged to notify regulatory authorities of your DSA representative. Kanto will assist you with this notification, provide you with a template, and send it on your behalf.

Our prices start at EUR 1,500 and are flexible depending on your company’s size and the scale of your digital services. For detailed pricing information and to find the plan that best suits your business, please contact us. 

You must appoint a DSA representative in writing. Kanto facilitates this process with electronic signatures, ensuring a smooth, paperless experience.

To appoint a DSA representative, please contact us at:

info@kantolaw.com
 

We look forward to assisting you. 

GDPR - Frequently Asked Questions (FAQs)

Under Article 27 of the GDPR, companies established outside the European Union (EU) must appoint an EU representative if they:

  • Offer goods or services to individuals in the EU, even if provided for free.
  • Monitor the behaviour of individuals within the EU, such as cookie profiling.
 

The GDPR representative requirement applies to both data controllers and processors, meaning it covers businesses that process personal information for their own purposes as well as those processing it on behalf of another company.

For example, you need a GDPR representative if you run an online shop or marketplace targeting EU customers, provide a cloud-based software solution, or offer an AI service on a SaaS basis.

Under Article 27 of the GDPR, you do not need to appoint a GDPR representative if you data processing:

  • is occasional, non-systematic;
  • does not include large-scale processing of sensitive data (e.g. health, religion, ethnicity) or information related to criminal convictions;
  • is unlikely to result in a risk to the rights and freedoms of individuals.

In practice, meeting all these criteria is challenging, and the exemption from the GDPR representative requirement is rarely applicable for most businesses.

If you fail to appoint a GDPR representative as required under Article 27, your business can face significant fines and penalties. The GDPR imposes fines of up to €10 million or 2% of your global annual turnover, whichever is higher. Additionally, non-compliance can lead to reputational damage.

A GDPR representative acts as a contact point between your business and EU data protection authorities and individuals. Kanto, as your GDPR representative:

  • Receives inquiries from authorities and individuals addressed to your business and facilitates communication with your business.
  • Assists with maintaining records of processing activities to ensure they meet GDPR requirements.
  • Facilitates communication and cooperation with EU supervisory authorities during investigations or audits.

These are mandatory tasks of a GDPR representative.

A GDPR representative should be appointed in an EU Member State. You are not required to have a representative in each Member State. A single representative will cover all other Member States.

If a large portion of your customer base is in a specific Member State, it is advisable to appoint your representative there. With Kanto, your GDPR representative will always be accessible.

Yes, you are required to make the details of your GDPR representative public. This information must be included in your privacy notice and other relevant communications with data subjects. The purpose is to ensure that individuals and data protection authorities can easily contact your representative regarding any data protection issues.

No, you are not specifically obliged to notify data protection authorities of your GDPR representative. However, you must ensure that the representative’s contact details are readily available in your privacy notice and other communications with data subjects.

Your GDPR representative does not assume your legal liability for GDPR compliance. This is explicitly outlined in the GDPR provisions. Kanto facilitates communication with data protection authorities and data subjects with your business.

Kanto provides a range of services as your GDPR representative, including:

  • Facilitating communication with EU data protection authorities and data subjects.
  • Assisting in creating and maintaining records of processing activities required from you by the GDPR.
  • Facilitating cooperation with EU supervisory authorities during investigations or audits.

Additionally, Kanto’s group companies are eligible to serve as your UK representative and Swiss representative.

Kanto serves as your reliable GDPR representative.

Within Kanto Group, you can receive advice on your general GDPR compliance from our team of legal experts and IAPP-certified privacy professionals.

Yes, Kanto Group can serve as your Data Protection Officer (DPO). The DPO oversees your data protection strategy and ensures compliance with GDPR across your entire organisation.

By appointing us as your DPO, you benefit from our extensive expertise and dedicated focus on maintaining your data protection standards.

You must appoint a GDPR representative in writing. Kanto facilitates this process with electronic signatures, ensuring a smooth, paperless experience.

To appoint a GDPR representative, please contact us at:

info@kantolaw.com
 

We look forward to assisting you with your GDPR compliance needs.

Our prices start at EUR 1,500 and are flexible depending on your company’s size. For detailed pricing information and to find the plan that best suits your business, please contact us.

Are you ready to address your EU representation needs?

Book your free consultation online and discover how we can assist you 

Schedule Your Free Consultation

Unit 4 First Floor, 84 Strand Street, Skerries, Dublin, Ireland

info@kantolaw.com

+ 353 1 270 9269

 

Kanto

Legal Documents

Copyright 2025 KANTO. All Rights Reserved.