Get Your EU Representative (Art. 27 GDPR) in 5 Minutes!
If you are a controller or processor not established in the EU and process personal data of data subjects who are in the European Union, you must appoint a representative. This representative in the Union is the point of contact for all questions concerning the data protection of EU citizens and the contact for data protection supervisory authorities.
With Brexit approaching rapidly, this is of particular relevance to UK-based companies.
It takes three steps to appoint our firm as your representative:
1. Send us a note to indicate your interest.
2. We will send you the agreements for you to sign and return.
3. We will return a countersigned agreement and the invoice for the first year of service.
Once we have completed those steps, you can mention our firm as your representative.
The General Data Protection Regulation (GDPR) is applicable irrespective of where a company is located and where the processing takes place as long as the processed data pertains to data subjects in the Union.
According to Art. 27 GDPR, a representative must be appointed in at least one EU country when the processing activities are related to
- the offering of goods or services, irrespective of whether a payment of the data subject is required, or
- the monitoring of their behaviour as far as their behaviour takes place within the Union.
Even the analysis of visitors of your website can be considered monitoring. If one of the above criteria is given, you need to appoint a representative, unless an exception applies. The obligation to designate a representative in the Union does not apply to processing which is
- does not include, on a large scale, processing of special categories of data like racial or ethnic origin, political opinions, religious or philosophical beliefs or processing of personal data relating to criminal convictions and offences, and
- is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing.
It is important to note that the controller or processor must comply with all these criteria described above in order to be exempt from the obligation to appoint a representative. You also do not need a representative if you have an establishment within the EU.
We can help you assess whether the GDPR applies to you and whether you need a representative. If so, we can act as your representative.
Additionally, we can support you in becoming compliant, act as your external data protection officer and advise you on an ongoing basis.
The fee for the representative service is
- 299,90 € / year* for companies up to 5 employees,
- 499,90 € / year* for companies up to 20 employees,
- 799,90 € / year* for companies up to 50 employees,
- 999,90 € / year* for companies with more than 50 employees.
Additional charges may apply in case third party correspondence or inquiries need to be worked on.
Please contact us at firstname.lastname@example.org or at +49 228 74 898 0.
* Fees plus VAT, if applicable. The representative service is already included in our offer "External Data Protection Officer.". We will gladly send you a quote for that, too.