If your business is based outside the European Union but collects or processes personal data of individuals in the EU, you are legally required to appoint a data protection representative. This representative acts as a point of contact between your company, individuals whose data you handle, and regulatory authorities. Failing to comply can lead to serious financial penalties.
The case law demonstrates that supervisory authorities are actively enforcing this requirement and are willing to impose fines on non-compliant companies. The enforcement actions serve as a reminder of the importance of appointing a representative to avoid penalties.
Businesses That Have Been Fined
Regulators across Europe have already acted against companies that failed to appoint a data protection representative. Here are two notable examples:
- Clearview AI – The Italian Data Protection Authority fined this company €600,000 for failing to appoint an EU representative.
- Locatefamily.com – The Dutch Data Protection Authority fined this company €525,000 for failing to appoint a representative in the EU. Additionally, the authority ordered the company to designate a data protection representative within 12 weeks, with an extra penalty of €20,000 for every two weeks of non-compliance, capped at €120,000.
How Much Could Non-Compliance Cost You?
If your company does not appoint a data protection representative, you risk fines of up to €10 million or 2% of your global annual turnover, whichever is higher. The exact fine will depend on the size of your business and the extent of your non-compliance. Smaller companies may receive lower fines, but the financial and reputational damage can still be significant.
UK Regulations
Similarly, if your company processes personal data of individuals in the United Kingdom, you must appoint a UK data protection representative. The Information Commissioner’s Office enforces this requirement and can issue fines of up to £8.7 million or 2% of your global annual turnover.
Avoid Fines and Protect Your Business
Appointing a data protection representative is a legal requirement, but it also makes business sense. It helps you avoid fines and ensures you are prepared if regulators request information about your data processing activities.
If your business processes data from individuals in the EU or UK, do not wait until regulators come knocking. Get in touch with us today or a free 20-minute discussion to protect your business with our expert data protection representatives in the EU and the UK.
Image by macrovector_official on Freepik
