FinTech DPO

GDPR EU Representative for International Financial Technology Startups

The General Data Protection Regulation (GDPR) has a very broad scope. Companies with business activities in the EU can easily be subject to GDPR, even if they are not established in the EU. The GDPR may already apply when a non-EU company offers goods or services to individuals in the EU or monitors their behaviour (e.g., using online analytic tools). In this case, the company must appoint a representative in the EU in accordance with Art. 27 GDPR. Failure to comply may result in fines of up to EUR 10,000,000 or 2% of the company's global annual turnover; various data protection authorities have already imposed fines for failure to appoint an EU representative.
Our role is particularly important for companies that are not based in the EU but target EU consumers, e.g. by selling goods or services to EU citizens or by monitoring their behaviour. A breach of the obligation to appoint an EU representative can result in heavy fines, up to €10 million or 2% of the company's annual worldwide revenue, whichever is higher. The EU representative has several tasks and therefore provides several advantages to the company. The representative will act as a local contact for EU citizens and supervisory authorities and represent the non-EU company in relation to its GDPR compliance. The following requirements must be satisfied:
1. The EU representative must be appointed in writing.
2. The EU representative must act on behalf of the non-EU company and must therefore have representational authority.
3. The EU representative must maintain a processing directory (Article 30 GDPR).
4. The EU representative must be located in an EU member state in which persons affected by the company's actions are also located.
Many companies are required by the GDPR to appoint a Data Protection Officer (DPO). The obligation generally exists as soon as a company's activity leads to particularly extensive or sensitive processing of personal data. For companies with an establishment in Germany, the obligation also exists if at least 20 persons are tasked with the automated processing of personal data (e.g. via the use of a computer) or carry out data processing activities that are subject to so-called data protection impact assessments.
Monitoring and consulting: The data protection officer monitors the company's compliance with data protection laws and audits the company regularly and independently. He advises the company and its employees on their obligations under data protection law.
Employee training: The data protection officer shall raise awareness of data protection issues within the company. This is often done through training and making employees aware of their obligations under data protection law.
Contact person for data subjects and supervisory authorities: The data protection officer serves as a point of contact for both employees and management who have questions about the processing of personal data in the company. In addition, the data protection officer is also often the main contact for supervisory authorities on issues relating to the company's data processing activities.
Support in day-to-day business: The data protection officer assists the company in creating and updating its data protection documentation, for example, the records of processing activities (RoPA), data processing agreements, consent declarations, data protection notices and data protection impact assessments.
Financial Technology OÜ
Registrikood 14703656
Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117, Estonia