Generally, third country controllers or processors constantly offering goods or services to residents in the EU or monitoring their behavior are required to designate a representative in the EU, which needs to be established in one of the EU Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behavior is monitored, are. This also means that the Data Controller would be required to designate an EU representative.

The representative shall be mandated by the Data Controller to be addressed in addition to or instead of Data Controller by, in particular, EU data protection supervisory authorities and data subjects (especially: EU resident customers), on all issues related to processing, for the purposes of ensuring compliance with the GDPR.

The designation of a representative by the Data Controller shall be without prejudice to legal actions which could be initiated against the Data Controller, as specified by the GDPR.

In line with the above, we would provide the EU representative services, including

  • Constantly acting as the EU representative of the Data Controller specified in its privacy policy and records of data processing;
  • We would assist the Data Controller in responding to requests of EU resident data subjects (e.g. customers) under the GDPR;
  • We would assist the Data Controller in communicating with EU data protection authorities;
  • We would provide risk check and forward requests by data subjects and EU data protection authorities;
  • We would hold and manage Data Controller’s records of data processing.


Our services for APAC region clients

We provide legal and IT security advice for Singaporean and other Asian clients providing services to the EU especially in the following fields:

  • Legal and IT security support concerning compliance with the European General Data Protection Regulation (GDPR) and related data protection counselling;
  • Legal and IT security support concerning compliance with the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive) and related legal advice. This service is especially tailored to online marketplace, search engine operators and cloud computing service providers covered by the NIS Directive. We would also provide advise and support with regard to the proposed NIS 2 Directive, which would revise the rules of the NIS Directive;
  • Legal and IT security support concerning compliance with current European ePrivacy requirements and the upcoming European ePrivacy Regulation;
  • Advising on member state and sectoral rules and restrictions concerning cloud service providers;
  • Counselling concerning the provision platforms and social media services targeting EU users;
  • Counselling concerning telco regulations in the EU and European data security requirements concerning telco service providers;
  • Counselling concerning health related services, eHealth applications and transfer of genetic and health data from the EU or to the EU.