The General Data Protection Regulation (GDPR) requires some foreign companies to designate a “representative” that is present in the European Union (EU), not to be responsible for compliance, but to facilitate communication between data subjects and the controller or processor represented. The need to designate a representative occurs when a company that is not based in the EU “offer(s) goods or services” to a “data subject” that is based in the European Union. It is important to understand the definition, as many processors that are based in the United States, or that process data only from United States-based establishments, do not fall under the scope of Article 3(2).
