A portrait photo of the managing director Arno Schlösser of DP-Dock. He stands in front of a light gray wall and wears a white shirt.

EU Data Act Representative

for companies without an establishment in the EU

 

Arrange your free consultation appointment:

info@dp-dock.com

Book free online consultation

Go to contact form

Seal - iapp Bronze Member
Two ladies are sitting in front of a laptop, which is placed on a glass desk, and are discussing.

The Obligation to Appoint an EU Representative under the Data Act

Like the GDPR, the Data Act has a broad scope of application. Companies without an establishment in the EU may still fall within its scope, particularly if they have to comply with data provisions or data use obligations have an impact on relevant parties in the EU.

According to Article 37 (11-13) of the Data Act, any entity established outside the EU that makes connected products available or offers services in the Unions is required to designate a legal representative established within the EU. This includes, for example, cases where such entities offer their products or services to users in the EU or are contractually engaged with EU-based entities in relation to data access or use.

The appointed representative acts as a point of contact for competent authorities and affected parties within the Union in connection with the obligations under the Data Act.

Failure to appoint such a legal representative constitutes a breach of the Data Act and may lead to sanctions, as determined by the Member States, in accordance with Article 40 Data Act.

Our USP

Advantages

Wave as graphic

We have extensive expertise in data protection and the realm of digital laws: DP-Dock was founded by two leading data protection lawyers and an experienced IT consultant. We were one of the first companies to offer EU GDPR representative services and aim to support our international clients with respect to other legal obligations as well. We provide assistance regarding the Data Act and other data protection requirements that go beyond the scope of the GDPR.

As experts in European data protection and cybersecurity, we offer comprehensive legal representative services under the Data Act, to companies outside the EU to ensure compliance with the new regulations.

We act as the local point of contact for EU authorities and affected parties in all matters related to the obligations under the Data Act, especially in the areas of data access, sharing, and usage. With our expertise and a keen understanding of regulatory requirements, we assist with communication—particularly with demanding stakeholders and authorities.

Book free online consultation now
In this team photo in the office, two women are smiling from the left, a man, another woman and again a man. They have different attitudes and seem very competent.

Tasks

Roles & Duties of a EU Data Act Representative

Wave as graphic
A man in a blue suit and pink shirt holds a smartphone to his ear and smiles. He has his gaze slightly downward. On the left, a large, slanted skylight.

Our role is particularly important for companies that are not established in the EU but deal with data within the EU, such as by selling connected products or providing related services to EU users, or by sharing or using data from EU citizens. Please understand the scope of Art. 1(3) Data Act. A failure to appoint an EU representative under the Data Act may lead to sanctions imposed by individual Member States.

The EU legal representative under Article 37 of the Data Act has several responsibilities and thus provides various benefits for the company. The legal representative acts as a local point of contact for EU authorities and affected parties, representing the non-EU company with regard to its obligations under the Data Act. The following requirements must be met:

  • The EU representative must be appointed in writing.
  • The EU representative acts on behalf of the non-EU company and must therefore have authority to represent.
  • The legal representative must demonstrate comprehensive evidence of the measures and provisions implemented by the company under the Data Act.
  • The location of the representative determines the jurisdiction of the Member State applicable to the non-EU company.

Note

Important: Until a legal representative is appointed, your company will be subject to the jurisdiction of all EU Member States.

Feedback

Client feedback about our data protection services

Wave as graphic
The view of the Port of Hamburg from above is breathtaking with the Elbphilharmonie in the background and a beautiful blu
Logo - Redbubble

Customer
(Data Protection Officer: DPO)
Redbubble Inc., 111 Sutter Street, 17th Floor, San Francisco, CA 94104, USA

„DP-Dock brings real value to privacy compliance with their professionalism, responsiveness and depth of experience advising global tech companies operating in Europe.”

Logo - Universal Tennis

Customer
(Data Protection Officer: DPO)
Universal Tennis, LLC, 525 University Avenue, Palo Alto, CA 94301, USA

„DP-Dock is our designated Art. 27 GDPR representative for many years – more recently they are, in addition, our external DPO: a decision we’ve been happy with. Their understanding of global trends in data privacy is remarkable – including the provision of awareness trainings for our employees across the globe.“

Logo - ottobock

Customer
(Data Protection Officer: DPO)
Ottobock SE & Co. KGaA, Max-Näder-Strasse 15, 37115 Duderstadt, Germany

DP-Dock is our external data protection officer. They work with us in a targeted and trustworthy manner in an environment where we have many locations around the world. We are fully satisfied with their service. They are pragmatic, solution-oriented, qualified and fast when needed."

Contact information

Schedule a free first consultation appointment
with our data protection experts

Wave as graphic
A man in a blue suit and pink shirt holds a smartphone to his ear and smiles. He has his gaze slightly downward. On the left, a large, slanted skylight.

DP-DOCK GmbH
Ballindamm 39
20095 Hamburg

info@dp-dock.com

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Provider
Expire in days 72
Privacy policy
Use Use without cookies
Allowed
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Allowed
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Name PHP SESSION ID
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Privacy Policy | Privacy Policy