New Fine Highlights the Necessity of EU-GDPR Article 27 Representation for US Companies Not Established in the EU

Written by

Clearview AI has been investigated and sanctioned by a number of different EU data protection authorities. However, Italy’s recent sanction stood out as it also sanctioned Clearview for failure to appoint an Article 27 Representative.

They fined Clearview €600,000 (~$650,000) specifically for this failure.  We believe this should be a wake-up call for all companies based outside of the European Union who handle European data subject to personal information.

Why is an EU-based Article 27 representative required?

The EU Data Protection Board requires US organizations doing business in the EU to appoint an EU-based representative to act as the local-facing contact for both regulators and EU citizens. GDPR requires ease of access to reach a company by the regulators or citizens, and a very timely response to inquiries or complaints.

Achieved Compliance offers a comprehensive and fixed-fee package that gets you into compliance with this requirement quickly and smoothly. Plus, you have access to the Achieved Compliance team to draw on its combined 40 years of client counseling and international policy experience. Our package includes:

  • Trusted on-the-ground representation, with support in the US/EU/UK.
  • Automated number, tracking, and docketing of due dates of incoming Subject Access Requests
  • Standard Operating Procedures for responding to Subject Access Requests
  • Real-Time Reports of correspondence with data subjects
  • Privacy and breach counsel in all EU member states and the UK
  • An EU-based platform for the required Article 30 Processing Records

You can schedule a 30-minute, No-Fee, No-Obligation consultation and we can explore how this issue specifically affects your company and how we can help.

PRIVACY BLOG