EU Representatives under Article 27 GDPR

Non-EU companies will have to designate GDPR EU Representatives under Article 27 of the EU General Data Protection Regulation (GDPR) when they are processing personal data in connection with the supply of goods and services or the monitoring of the behaviour of data subjects in the EU.

Art. 27 GDPR EU Representatives

If your company is not established in the European Union (EU) but processes personal data of individuals in the Union in relation to the offering of goods and services or the monitoring of behaviour, Article 27 GDPR requires you to designate a GDPR EU Representative. Here are answers to some of the most common questions regarding EU Representatives:

Choose you service and order online now

If you need to appoint an EU Representative under Article 27 GDPR and you are interested in our services, please follow the link below to choose the service that best suits your needs and place your order online. The service will be ready, set up and running within 24 hours after order confirmation. This offer is for commercial customers only.

Order EU Representative now

More about EU Representatives

Questions and Answers about EU Representatives

What are EU Representatives?
Is it mandatory to appoint an EU Representative?
What do EU Representatives do?
What is the difference between EU Representative and Data Protection Officer?
Do EU Representatives have to reside in the EU in order to comply with GDPR?
How to communicate with the EU Representative team?
How to appoint an EU Representative?

What are EU Representatives?

EU Representatives under Article 27 GDPR are designated by a controller or processor outside the EU. They liaise with the data subjects, act on behalf of the controller or processor within the EU and may be addressed by and cooperate with supervisory authorities to ensure compliance with the GDPR.

Is it mandatory to appoint an EU Representative?

Yes, designation of EU Representatives under the GDPR is mandatory if you process personal data in any of the following cases:

  1. When offering goods or services in the EU, irrespective of whether it is free of charge or a payment is required.
  2. When monitoring the behaviour of data subjects as far as their behaviour takes place within the EU.

In order to establish an exemption the nature, context, scope and purpose of the processing must be considered. The appointment of an EU Representative is not required if:

  1. the processing is carried out by a public body, or
  2. processing is occasional and does not include special categories of personal data or data relating to criminal convictions and offences and is unlikely to result in a risk to the rights and freedoms of data subjects.

What do EU Representatives do?

Under GDPR, EU Representatives are the direct point of contact for data subjects. They may be addressed by supervisory authorities and are authorized to receive legal documents on behalf of the controller or the processor. Under Art. 27 GDPR, the EU Representative acts on behalf of the controller or the processor regarding their obligations under GDPR. The EU Representative is the point of contact for data subjects and, as an authorised recipient, they are the addressee for supervisory authorities to receive applications, legal documents, data subject access requests and official instructions. The Representative works with the relevant supervisory authorities to ensure the controller or the processor are compliant with GDPR: Inter alia, the Representative keeps documentation on data privacy breaches and provides evidence of lawful consent according to Art. 27 (4) GDPR. Pursuant to Art. 30 (1) to (3) GDPR, EU Representatives act for the controller or the processor in their duty to maintain a record of processing activities and data processing contracts, making these records available to the supervisory authorities upon request.

What is the difference between EU Representative and Data Protection Officer?

An EU Representative should not be confused with a Data Protection Officer within the meaning of Art. 37 GDPR. Both have different tasks and duties: A Data Protection Officer advises the company on data protection issues and must promote a compliance culture. The EU Representative is merely a point of contact, subject to a mandate and instructions from the company. They are available to receive inquiries and complaints and can keep a record of the processing activities, but beyond that they have no other active duties.

Do EU Representatives have to reside in the EU in order to comply with GDPR?

Yes. Art. 4 No. 17 GDPR defines ‘representative’ as a natural or legal Person established in the Union. In addition, Art. 27(3) GDPR clearly states that the EU Representatives shall be established in one of the EU Member States where the data subjects, whose personal data are processed are. Hence, appointing EU Representatives that do not reside in the EU seems to be in violation of the GDPR.

How to communicate with the EU Representative team

OBSECOM offer their customers various communication options. If you wish, we will forward you information by encrypted or unencrypted e-mail, fax or registered mail. All documents are made available on the OBSECOM communication platform. Data subjects and supervisory authorities can make enquiries about a non-EU organisation for which OBSECOM GmbH has been appointed EU Representative by sending a formal request by registered mail or via the contact form at https://www.obsecom.eu/EU-Representative-Inquiry.

How to appoint an EU Representative?

The appointment is made in writing and is based on a contractual agreement between the controller and the EU Representative. The contact details of the EU Representative must be shared in the privacy notice, but notification to the supervisory authorities is not required. You can order the EU Representative online directly via the OBSECOM website. Just follow the link below, select the basic annual program fee and enter your company details. The service will be ready, set up and running within 24 hours of order confirmation. You will receive further information on how to proceed after the service is set up: Click here to order the EU Representative service online.

GDPR EU Representative

Order your EU Representative Service now!

Follow the link below to choose the service that best suits your needs and place your order online now. We will process your order within 24 hours after order confirmation.

Click here to order EU Representative services

Our services

The team at OBSECOM GmbH supports your company in complying with data protection requirements. We are a competent service provider for all questions regarding EU Representatives, the implementation of data privacy regulations and the designation of external Data Protection Officers. We at OBSECOM GmbH are a team of experienced Data Protection Officers with special expertise in international data transfer supported by a network of experienced partners with profound knowledge in various industries.
Our services as EU Representatives are aimed at companies in French and English-speaking countries such as Australia, Canada, Hong Kong, New Zealand, Singapore, Switzerland, the United Kingdom, and the USA.

As an EU Representative we perform the following services:

  • Cooperation with the supervisory authorities
  • Direct point of contact for data subjects
  • Providing support in creating a register of processing operations
  • Keeping a copy of registers, documentations and agreements
  • Unlimited forwarding of E-mails, scan in, providing documents as electronic files
  • Translating documents and correspondence
  • Access to our extensive library with case law, legal texts and articles on data privacy law
  • Providing templates for privacy policies and other formal documents
  • Regular updates in matters of EU data privacy law

For more information please read our paper EU Representatives in a nutshell. We offer the following additional services to our customers in order to make processing as uncomplicated as possible.

We are happy to help – how to contact us

Florian Wuttke Data Protection Officer (GDDCert. EU) FLORIAN WUTTKE
LPC LL.M. (Birmingham)
LL.B. (Hons)(Open) (Milton Keynes)
Certified Data Protection Officer BCS/ISEB (UK)
Certified Data Protection Officer (GDDcert. EU)
Florian Wuttke is your competent partner for questions regarding EU Representatives and GDPR. He specialises in topics related to international data transfer and has extensive experience in legitimising data exchange with the US and other Non-EU countries. More about Florian Wuttke