GDPR Compliance
Is your business located in Australia? Are you looking to trade in the EU or UK? Avoid these 3 costly mistakes!
The UK and EU take data privacy seriously. Getting it wrong can result in fines of up to €20M
Our multi-award winning team of data privacy experts have worked with FTSE100, Fortune500 and SMEs across four continents to deliver data protection excellence.
We can help your business stay compliant with EU and UK data privacy regulations and ensure your compliant with Article 27.
Avoid these 3 cost mistakes
1.) Not appointing an EU or UK Data Protection Representative
As a non EU firm you will need to appoint an EU or UK data protection representative if you process the details of people from either region. The rep must be a ‘person’ or suitably qualified organisation located in the region.
2.) Not having your ROPA
As a NON-EU or UK based organisation you must have your ROPA (Records or Processing Activities) available for inspection. These MUST be held by your representative and made available to regulators on request.
3.) Duplicating someone else’s work
This is a short cut that will trip you up. Your data processing requirements are unique to your business, so copying someone else’s work will always land you in hot water. In fact, we’ve seen a care home use privacy documentation relating to a Cinema they copied off a website. Under GDPR fines can be issued for up to €20M or 4% of your organisations annual turnover.
How you can become compliant?
The first step of the journey towards compliance with the EU GDPR and UK Data Protection Act 2018 is selecting an organisation to work with.
You need to ensure they have the expertise to represent your business professionally to regulators and to your customers.
As a multi-award winning data privacy company, Ametros Group helps to protect over 3bn worth of commercial assets through our Representative service.
Article 27 GDPR
The GDPR is a complex law and affects firms outside of the EU. In fact, under article 27, a firm that is not in the EU may have to appoint a rep. Those who process the personal details of EU citizens will have to have an EU representative.
As a non EU firm there are a couple of things you must do. Firstly, check to see if you do process the details of EU citizens. This can be the details of staff or customers. Secondly, if you do find that you process details of people from the EU then you will need to appoint an EU representative. Thirdly, you will have to make their contact details freely available.
Ametros Group help organisation across four continents to comply with Article 27 GDPR through our EU Representative service.
Direct contact
Part of the duty of the EU Representative is to work with EU citizens whose information is being processed and assist them in ensuring their legal rights are upheld.
Our EU representative service ensures your data subjects, your internal team and the EU data protection regulators have direct contact to our team for privacy matters.
Shared Liability
An EU Representative should be expected to have a ‘hands-on’ approach. Should an EU regulator find your business to be non-compliant, your EU representation could be subject to enforcement action.
As your EU representative part of our job is to work with the people whose data you process. We will help ensure their legal rights are upheld, and work with you to ensure you remain compliant and operate within the spirit of the law.
Get in touch
Request further information and pricing