Here you can find answers of all of our frequently answered questions. If you can’t find an answer, please contact us at [email protected] and we can help you the best we can
Browse by category
GDPR Article 27 Representative
All companies without offices in the EU and/or UK will need to appoint an Article 27 GDPR Representative, if they process personal data of individuals that are located in the EU/UK.
EU companies without offices in the UK will need to appoint an GDPR Representative in the UK if they process personal data of individuals that are located in the UK.
UK companies without offices in any EU member states will need to appoint an EU GDPR Representative if they process personal data of individuals that are located in the EU.
These legal requirements apply to almost all companies including financial, business and legal services, online retail, marketing and adtech products, technology, transportation and aviation, clinical trials, health and diagnostic services, cookie-based advertisement, as well as digital services, such as mobile apps and online communities.
The EU Representative is mandated by the data controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to [data] processing. The Representative acts as a local point of contact for matters of data protection and privacy, and receives communications from data protection supervisory authorities in official proceedings, as well as, for example, requests from data subjects to exercise their GDPR rights.
The contact details of your Article 27 Representative must be published in your company privacy policies. We also recommend that you add our details to your website footer and in any relevant documentation.
As your Article 27 Representative we need to complete our due-diligence and ensure we understand how you collect, store, and process data. We need to keep a copy of the company’s record of processing activity spreadsheet along with other key documents to help us understand how you operate. Upon request of a supervisory authorities, the Representative must cooperate with them and disclose the Article 30 documentation.
No, failure to appoint an EU Rep would be a breach of Article 27 of the GDPR and carries the same potential penalties.