Share

2 min read

Writen by Zlatko Delev

Posted on: July 28, 2022

Do I need an Article 27 Representative?

What is an Article 27 Representative?

Article 27 is one of GDPR’s most mis-understood requirements. Just like the other 98 articles, Article 27 forms part of your overall GDPR position and is part of your legal obligation. Put simply, if you are based outside of the EU, don’t have an entity inside the EU and you happen to process data relating to EU citizens then you need to appoint a representative to act as your representative – your Article 27 Representative. Same applies to UK citizens, if you process data about UK citizens and don’t have an entity in the UK you need to appoint a rep in the UK.  If you process UK and EU data and don’t have an entity in either territory you will need to appoint a representative in BOTH territories.

Where you can find more information about an Article 27 EU Representative ? 

This is a simplified version, for more information take a look at the links below or just contact us to discuss.  There is a handy self-assessment link on our site at: https://gdprlocal.com

Article 27 applies: https://gdpr-info.eu/art-27-gdpr/

Recital 80 is useful: https://gdpr-info.eu/recitals/no-80/

..and the ico provide probably the easiest to understand version: https://ico.org.uk/for-organisations/dp-at-the-end-of-the-transition-period/data-protection-and-the-eu-in-detail/the-uk-gdpr/european-representatives/

Who is an Exempt of Article 27 ? We get lots of questions about whether a company is exempt if they only process data occasionally, this exemption almost never applies but Article 49 defines ‘occasional’ – this is defined as, ‘more than once but not repetitive’. https://gdpr-info.eu/art-49-gdpr/

Also, there are exemptions for example, if our processing is only occasional, of low risk to the data protection rights of individuals, and does not involve the large-scale use of special category or criminal offence data.  It is important to note that these exemptions are defined as ‘or’ – not ‘and’ – again, this exemption hardly ever applies. [See WP29 note]. https://edpb.europa.eu/about-edpb/more-about-edpb/article-29-working-party_en

Hope this answers your questions – sorry this is quite technical, contact us anytime to discuss.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Adam, Hristina, Marin.

Contact Us

Recent blogs

Digital Age of Consent under the GDPR

GDPR incorporated a separate article that regulates the processing of children’s personal data wh

What is a personal data breach?

Many companies don’t take data privacy protection seriously until a data breach occurs.

Instagram fined for violating GDPR regulations

The Irish Data Protection Commission fined Instagram in amount of €405 million euros for breachin

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us
anytime.

Contact Us
06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.