News

The European General Court has upheld the EU–US Data Privacy Framework, providing much-needed clarity and stability for businesses transferring personal data across the Atlantic. This ruling reinforces that data can flow safely between the EU and the U.S. while meeting strict privacy standards. For non-EU companies, compliance with the GDPR also requires appointing a Data Protection Representative in the EU—a crucial step for legal certainty, customer trust, and smooth international operations.

When KLM reported a recent data breach, it wasn’t financial data at risk but customer trust. The case raises a critical question: if your company handles EU, UK, or Swiss personal data, are you prepared — with a local data protection representative — to respond lawfully when incidents happen?

Appointing data protection representatives is a separate requirement for the EU, UK, and Switzerland—one representative does not cover all. Failure to comply can lead to substantial fines and regulatory challenges. Kanto offers a simple solution with coordinated representation across all three jurisdictions, helping you stay compliant with one point of contact.

Non-EU companies offering digital services to EU users must comply with the new EU Digital Services Act, but many are still getting it wrong. From ignoring the legal representative requirement to confusing the DSA with GDPR, these common mistakes can lead to heavy fines and lost market access. Learn what to watch out for and how to stay compliant with ease.

Many businesses outside the EU believe the Digital Services Act doesn’t affect them—but that’s a costly mistake. This article debunks the top 5 myths and explains how the DSA applies to non-EU digital service providers.

The Digital Services Act sets rules for online services used within the European Union, regardless of where the service provider is based. European authorities may investigate and impose penalties on all services that fail to comply.

The European Commission is proposing to simplify the GDPR for small mid-cap companies by extending certain exemptions to companies with fewer than 750 employees. However, the requirement for non-EU businesses to appoint an EU Representative remains unchanged.

The legal representative serves as a local point of contact for regulators and users, facilitating communication, compliance oversight and the exercise of legal rights. In mandating a physical presence within the EU, these regulations ensure that foreign companies are subject to EU jurisdiction and can be held accountable for their obligations, even if they have no physical operations within EU borders.

The Digital Services Act sets rules for online services used within the European Union, regardless of where the service provider is based. European authorities may investigate and impose penalties on all services that fail to comply.

The EU data protection representative acts as a point of contact and liaison between non-EU organisations and European authorities or individuals regarding GDPR compliance. The data protection representative’s primary responsibility is facilitating communication between the organisation, data subjects, and EU supervisory authorities.