The part of GDPR that I find unreasonable is the requirement to appoint an EU re...

omeid2 · on July 26, 2018

> It makes small companies with no presence in the EU Hire someone in the EU if they want to comply, which could be necessary if they sell to companies that do have an EU presence.

It simply does not.

Paragraph one of the Article 27 which states the requirement for a representative is followed by

Paragraph 2: The obligation laid down in paragraph 1 of this Article shall not apply to:

a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1).

If you're wondering what is "special categories of data", they're reasonably sensitive data,

Art 27. 1: Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

Which is again, exempt, under Paragraph 2 of the same Article, which states:

2. a) Paragraph 1 shall not apply if one of the following applies:

    the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.

So basically, responsibility and transparency.

curun1r · on July 26, 2018

It's not at all that simple [0]. In particular, it's not at all clear what occasional means, since GDPR doesn't define it clearly and a simple dictionary definition would mean that something as simple as an Apache log would not qualify as occasional and would require an EU representative.

[0] https://www.dpr.eu.com/do-gdpr-art-27-apply

nugget · on July 26, 2018

Every incorporated entity in the US is required to have a registered agent physically located within the entity's state of incorporation as well. It's a pretty low bar to meet.