EU Representative Service (according to Art. 27 GDPR)

If there is no branch in the EU, but goods or services are offered to persons within the EU or the behavior of persons within the EU is monitored (e.g. tracking and profiling), an EU representative according to Art. 27 GDPR is usually required. 

Failure to designate an EU representative may result in fines of up to 10 million euros or up to 2% of the annual worldwide turnover for the previous fiscal year. 

The tasks of the EU representative are defined in Art. 27 GDPR. On the one hand, he serves as a contact point for supervisory authorities as well as for data subjects from the EU. On the other hand, the representative assists in receiving and forwarding data subject inquiries as well as in providing the records of processing activities upon request of the supervisory authority. He thus performs a representative task within the EU and thereby supports compliance with the requirements of the GDPR. 

Data subjects must be informed about the EU representative. This means that the contact details of the EU representative must be included in the privacy policy. In addition, the EU representative must be named in the list of records of processing activities

The function of the EU representative is essentially to be available as an external point of contact for supervisory authorities and data subjects in the EU. This does not affect any liability of the controller. In contrast, the scope of duties of a data protection officer is much broader. The data protection officer is not only an external but also an internal point of contact for all data protection issues. The data protection officer performs legally defined tasks such as monitoring compliance with data protection regulations and informing and advising employees and the management.