New Fine Highlights the Necessity of EU-GDPR Article 27 Representation for US Companies

Written by

Achieved Compliance

Several EU data protection authorities have investigated and sanctioned Clearview AI. However, Italy’s recent sanction stood out, as it also sanctioned Clearview for failure to appoint Article 27 Representation.

They fined Clearview €600,000 (~$650,000) specifically for this failure. We believe this should be a wake-up call for all companies based outside of the European Union who handle European data subject to personal information.

Why is an EU-based Article 27 representative required?

The EU Data Protection Board requires US organizations doing business in the EU to appoint an EU-based representative to act as the local-facing contact for both regulators and EU citizens. GDPR requires ease of access to reach a company by the regulators or citizens, and a very timely response to inquiries or complaints.

Achieved Compliance offers a comprehensive and fixed-fee package that gets you into compliance with this requirement quickly and smoothly. Plus, you have access to the Achieved Compliance team to draw on its combined 40 years of client counseling and international policy experience. Our package includes:

  • Trusted on-the-ground representation, with support in the US/EU/UK.
  • Automated number, tracking, and docketing of due dates of incoming Subject Access Requests
  • Standard Operating Procedures for responding to Subject Access Requests
  • Real-Time Reports of correspondence with data subjects
  • Privacy and breach counsel in all EU member states and the UK
  • An EU-based platform for the required Article 30 Processing Records

Explore how this issue affects your company and how we can help with Article 27 representation during your free consultation. Contact us today!