The General Data Protection Regulation (GDPR) not only applies to organisations
based in the European Union. Organisations from outside the EU may also be bound
by the provisions of the GDPR. This is the case if your organisation processes data
of data subjects within the European Union and this data processing is related to
offering goods or services or monitoring the behaviour of data subjects.

If your organisation is based outside the EU, but does fall under the scope of the
GDPR on the basis of the above criteria, under Article 27 GDPR you are required to
appoint a representative for your organisation within the European Union. This EU
representative represents your organisation with regard to your obligations under
the GDPR and is the link for all communications between your organisation and the
supervisory authorities (e.g. Data Protection Authorities) and data subjects located
in the European Union.

As from 1 January 2021, the obligation to appoint an EU representative within the
Union also applies to organisations off the United Kingdom. As a result of Brexit,
organisations off the United Kingdom will no longer be part of the European Union
from 2021. Organisations based in the British Isles must therefore appoint an EU
representative within the Union as from that date.