Do I need a representative to comply with the GDPR?
Are you processing personal data of people within the EU? Then consequently you probably have to apply the requirements within the GDPR(GDPR Art.2.1). Whether you actually need a EU Representative depends first and foremost this requirement only applies if;
You are an organization located outside of the EU.
You process the data of people within the EU (GDPR Art3.2).
However if you are already represented within the EU you probably don’t need to hire a new representative as long as the current setup complies with the requirements in GDPR art.27. We will discuss these requirements further in this article.
What are the requirements for this representative and what is its purpose?
The representative is supposed to increase the accessibility for GDPR requests by EU individuals. Additionally it is also the point of contact for EU Data Protection Authorities to your organization.
Therefore one of these requirements for companies without a representative in the EU is to formally appoint one. You only need one representative for the GDPR; not one per EU state!
If you need a representative and do not need a Data Protection Officer then it is advisable to hire a knowledgeable representative. For the reason that the DPO will be able to advise you and keep you up to date on all the latest data protection requirements and events. They can form the bridge between EU data protection requirements, EU citizens making requests based on the Data Protection Legislation and your company.
In case you also need a Data Protection Officer hire him/her first as they should be your first point of contact for any GDPR advise. DPOs will be able to consult you in hiring a representative (unless they perform both roles which is allowed also).