Driving Value Added Services & Content|Billing & Engagement In Motion|Minutes, Messages & Traffic That Pays|Engage & Commercialize Connected Consumers|Making Interactive Media Pay|Billing & Alternative Payments That Convert|Mobile Strategies For Merchants & Content Owners|Monetising Premium Content & Services
Mythbusters - iGaming
Cookies Digital
Audiotext IPRN Platform
dynamicmobile billing

Who has racked up the biggest GDPR fines – and how can UK companies avoid joining them?

1

€51.1m – that is how much French companies have so far been fined by the EU for breaching GDPR. Compare that with €24.5m in Germany and just €1.4m in Spain and you can see how much of the €114m European total has come from one country.

For the European Union, enforcing General Data Protection Regulations (GDPR) is no laughing matter – yet compliance remains far from evident. A recent study of the 10,000 most popular sites in the UK revealed that only 11.8%, or little more than one in ten, meet cookie consent requirements.

This situation is set to become even more complicated after Brexit, as the UK will still be subject to GDPR requirements until 31 December 2020.

However, after that point all British companies will be required to appoint a personal data Representative for the European Union should their products/ services target individuals within the EU.

And yet, choosing this Representative is not a decision to be taken lightly. Detailed regulatory knowledge is critical if the finer points of all legislative measures are to be respected, which is all the more important as they are likely to change over the years to come. In particular, a new European regulation, ePrivacy, could be added to GDPR from 2020 onwards.

With this in mind, Asklépian, a French data protection and compliance expert, is offering both SMEs and large-scale groups a new service: “An EU Outsourcing Representative”. This will enable them to continue to operate in France and Europe without risking heavy fines.

Post-Brexit GDPR preparations start now

British companies have only one option: they must name an EU Outsourcing Representative before the end of the year in order to comply with the law. In fact, like all companies based outside the EU, they must have a representative within the EU in order to continue doing business and adhering to GDPR.

Fabien Fernandez, the founder of Asklépian, explains: “We finalised the details of this new service while participating in the Data Protection World Forum in London in February 2020. A number of SMEs and large-scale groups actually admitted a feeling of confusion in the face of this new requirement and the urgency to comply with GDPR.”

The aim of launching this new service is therefore to simplify the daily realities of these companies by offering them a personalised, turnkey service.

This concerns all areas of business

The EU Outsourcing Representative is a representative located within the borders of the European Union (EU) with data controllers (or processors) for companies established outside the EU.

All areas of business will be affected, where the personal data of individuals located within the EU is handled:

  • Either through the marketing (be it paid or unpaid) of goods/ services in the EU. Examples: online business, start-ups, dating websites…
  • or whereby individual behaviour is monitored.

Certain activities, involving sensitive data, will however be subject to closer monitoring and controls: health data, data related people’s personal life/ sexual orientation, racial or ethnic origin, genetics, biometrics…

Asklépian already provides support to numerous French companies across a variety of sectors (health, mobility, start-ups, dating websites, insurance brokering…) to ensure their compliance with GDPR regulatory requirements.

The newly-created role of an outsourced data protection representative involves providing GDPR expertise, informing and advising, being a point of contact between all stakeholders and anyone affected by data protection (the CNIL, controllers, processors, clients, employees…), documenting steps taken to ensure compliance and supporting the implementation of organisational measures.

Thanks to its extensive experience, this French company has been able to develop a functional and made-to-measure service which stands out due to:

  • leading expertise on governing regulations;
  • skills certification accredited by the CNIL;
  • a fairer pricing structure;
  • a resolutely user-oriented approach;
  • a methodology which also champions organisational measures, whereas competitors limit themselves to technical measures;
  • comprehensive knowledge of the administrative system;
  • contracts with large-scale groups in the health and mobility sectors.

Fernandez adds: “Asklépian will represent all companies based outside the EU from Bordeaux (France) and offer them a point of contact with the CNIL and any individuals concerned by personal data processing (clients, users, patients…).”

Share.

1 Comment

  1. This is an interesting article, but I think it mis-represents (hoho) the role of the Representative. Other than specifically relating to the acitvities they’re involved with – acting as a conduit for communications and holding the Article 30 records of processing – there is no advice element for the Representative; that’s more the role of the DPO.

    More importantly, it’s important to be aware that the Representative needs to be in one of the EU countries where the non-EU company has data subjects (Article 27(3)), so if they don’t have data subjects in France this company cannot be a compliant appointment. Also, the guidance (EDPB 03/2018) states that the Representative should be in the country where the largest number of data subjects is based, and data subjects in other companies should have easy access to the Representative. As a result it is often necessary to appoint a Representative with locations across the EU, or several Representatives in different countries, to demonstrate best practice.

Leave A Reply