Which businesses need a GDPR Representative?
Under Article 27 of the European Union General Data Protection Regulation (GDPR) your business
must appoint a “Representative” in the EU if:
A Public body does not need to appoint a GDPR Representative. If you decide you don’t meet the
criteria for needing a Representative you must document this fact, and the reasons this
decision was made – in order to comply with the record-keeping obligations under Article 30.
Are there any exemptions?
Yes, according to Article 27 a controller or processor does not need to appoint a
Note: “Occasional” is not defined in GDPR, but repetitive processing, such as
is unlikely to be “occasional” and businesses running website analytics on persons in
the EU is
highly unlikely to be “occasional”.
If my company is part of a group of companies do I need to appoint a separate
Representative for each entity?
Yes. Each separate legal entity in the group of companies must separately appoint a
GDPR Representative. Each entity can appoint Juksta separately. If you have a large group of
companies please contact us for special rates for group companies.
What are the Representative responsibilities?
By you appointing Juksta as your representative we are required to enable your
customers/data subjects and relevant supervisory authorities to communicate with you via
us. We enable the communication via our Representative Portal for all online
communications. Any postal or fax communications can be sent to our office in
Ireland and we will scan them into our Representative Portal so that they are instantly
available to you. Your customers/data subjects, supervisory authorities and others may
also contact you directly, and you may respond to them directly. You must make our
representative service available, but it is not against the law if it is not used.
The Representative must also co-operate with the supervisory authorities.
Can my DPO be my Representative?
No. The roles and functions of a DPO and a Representative are different.
The European Data Protection Board (EDPB) has expressly stated that it considers
the role of a Representative to be incompatible with the role of the DPO.
The DPO’s role is to exercise their duties and tasks in an “independent manner”, whereas a
representative must act only in accordance with the written instruction of the company.
The EDPB also considers the two roles to have potential conflicts of interest.
What are the penalities of non-compliance?
Under Article 3 of the GDPR, Territorial scope of the legislation specifically includes
processing of personal data of EU data
subjects by organisations who reside outside the EU. Penalities for not complying with the
requirement to appoint a GDPR representative can be up to 2% of the businesses annual
revenue or $10,000,000 Euros, whichever is the greater.
Penalites may be enforced by supervisory authorities, and/or you maybe liable for civil
claims arising from your breaches of GDPR.
How should I choose a Representative?
You should choose a Representative who:
Can you be my Representative?
Yes, upon completion of registration your GRPR Representative will be Juksta GDPR
an Ireland based company.
Juksta GDPR Representative Limited is part of the Juksta group of companies, with a
presence in Ireland and Australia.
How do I appoint you as my Representative?
Simply select a plan and register an account.
You appoint us as your GDPR Representative as part of the sign up process.
Can you tell me more about you?
We are made up of a group of legal experts and IT specialists. Our senior lawyers and
privacy experts have over 25 years experience specialising in information
technology contracts, business law and regulatory compliance.
Our senior IT specialists have over 20 years
experience in software development, product management and information security.
What are my payment options?
Payment can be made by credit card, with all prices in Euros.
The Juksta GDPR Representative service is a monthly subscription.
Your monthly subscription fee is automatically billed against your choice of payment and
an invoice/receipt provided.
How do data subjects contact me online?
Web based requests can be made by your clients, data subjects or supervisory authorities via your unique
Customer Care portal, which is setup on registration.
You are provided with a URL and HTML code, which you can add to your contact information.
Notifications received via the portal are
automatically queued in your Notification Management Portal and you will be notified via
email and/or SMS.
Can I receive requests by mail or fax?
Yes, requests made by post or fax to your GDPR representatives address in Ireland are scanned
and added to your Notification Management Portal. You are also notified of these
requests via email and/or SMS.
How do I respond to requests?
Requests are managed via your Notification Management Portal. From here you can review
requests and action them to provide information to the data subject or
Do you help me with my response to a request?
No, Represent is an application designed to facilitate the request process and
enable you to respond in a manner that meets your record keeping requirements.
You are solely responsible for dealing with the request, identifying the requestor,
providing any response and all other aspects of the request.
Does this mean you are a data processor?
Yes. Under GDPR the Representative acts only under the directions of its customer, and
so Juksta is the data processor and its customer is the data controller for Representative
Do I need a processing agreement with you?
Yes, because we are processing data for you, you need a data processing agreement as one of
your GDPR obligations. A data processing agreement is entered into as part of the terms and
agreements when you sign up. There are no additional actions you need to take.