GDPR representative at your service

Osano can act as your organization's EU General Data Protection Regulation representative, a requirement under the law. That's because Osano's subsidiary, Osano Compliance Services International, is based in Dublin. Our local team of privacy experts and attorneys are at your service to help with all EU-related issues.

Learn About GDPR Representative

Your Website Visitors Are in the EU. Now You Are Too.

GDPR Article 27 requires in-scope companies to maintain a physical presence in the EU if they process the personal data of EU residents. Failure to do so can result in penalties and fines. As your dedicated GDPR Representative, we’ll instantly alert you of any notices from the EU supervisory authorities or any requests from data subjects.

Be Safe

If you're lucky, you'll never receive a DSR or EU notice. However, like an insurance policy, if you don't have it you can find yourself in big trouble. Naming Osano as your GDPR representative checks the requirements box for GDPR and lets you sleep at night.

Save Money

You could set up your own EU entity, rent offices, and hire an individual who is experienced with EU data processing. You'd also have to maintain the entity, file taxes, and provide audited financials annually. What would that cost? A lot more than Osano.

Stay Updated

Once you update your GDPR statement to reflect Osano as your local rep, we’ll do the rest. With Osano’s automated digital mail forwarding, we’ll alert you of any new data requests or updates from the EU authorities. All documents are available for download.

Reduce your risk of being fined for GDPR violations.

Get Compliant Now

Many small businesses believe that they are too small to get the attention of the EU supervisory authorities, but they are wrong.

In fact, EU authorities have fined businesses as small as local stores. In one extraordinary case, an individual was fined $11,000 for a GDPR violation. The FTC in the US and the EU established a cooperative agreement, so even if you and your company are solely in the US, the GDPR can be enforced against you.

GDPR is new in the grand scheme of things, and the fines are only beginning. Over the coming years, we will see more frequent and more substantial penalties. We will see fines for failure to disclose breaches, for failing to have basic best practices in place, and yes, for failing to have an EU representative while collecting personal data from EU visitors.

But what counts as personal data? The IP address of a website visitor, the most fundamental part of the Internet, is considered personal data. If your website uses any analytics, has log files, and stores the IP address for even one single European visitor, you're required to abide by the GDPR.

If you could easily reduce your risk of being targeted for enforcement actions, why wouldn't you?