Do I need an Article 27 Representative?
What is an Article 27 Representative?
Article 27 is one of GDPR’s most mis-understood requirements. Just like the other 98 articles, Article 27 forms part of your overall GDPR position and is part of your legal obligation. Put simply, if you are based outside of the EU, don’t have an entity inside the EU and you happen to process data relating to EU citizens then you need to appoint a representative to act as your representative – your Article 27 Representative. Same applies to UK citizens, if you process data about UK citizens and don’t have an entity in the UK you need to appoint a rep in the UK. If you process UK and EU data and don’t have an entity in either territory you will need to appoint a representative in BOTH territories.
Where you can find more information about an Article 27 EU Representative ?
This is a simplified version, for more information take a look at the links below or just contact us to discuss. There is a handy self-assessment link on our site at: https://gdprlocal.com
Article 27 applies: https://gdpr-info.eu/art-27-gdpr/
Recital 80 is useful: https://gdpr-info.eu/recitals/no-80/
..and the ico provide probably the easiest to understand version: https://ico.org.uk/for-organisations/dp-at-the-end-of-the-transition-period/data-protection-and-the-eu-in-detail/the-uk-gdpr/european-representatives/
Who is an Exempt of Article 27 ? We get lots of questions about whether a company is exempt if they only process data occasionally, this exemption almost never applies but Article 49 defines ‘occasional’ – this is defined as, ‘more than once but not repetitive’. https://gdpr-info.eu/art-49-gdpr/
Also, there are exemptions for example, if our processing is only occasional, of low risk to the data protection rights of individuals, and does not involve the large-scale use of special category or criminal offence data. It is important to note that these exemptions are defined as ‘or’ – not ‘and’ – again, this exemption hardly ever applies. [See WP29 note]. https://edpb.europa.eu/about-edpb/more-about-edpb/article-29-working-party_en
Hope this answers your questions – sorry this is quite technical, contact us anytime to discuss.
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Adam, Hristina, Marin.
On 9th August 2022, noyb.eu lodged 226 GDPR complaints with 18 authorities against websites that us
UK companies who collect, store, or process personal data may need to register with the ICO however
What is an Article 27 Representative? Article 27 is one of GDPR’s most mis-understood requirem