EU representative
required under the GDPR

We liaise with data protection authorities and data subjects in the European Union (EU) on your behalf. You meet your General Data Protection Regulation (GDPR) obligations.

EU representative
required under the GDPR

We liaise with data protection authorities and data subjects in the European Union (EU) on your behalf. You meet your General Data Protection Regulation (GDPR) obligations.

Compliance builds sustainable trust

CIPP-E_Seal_2013
activeMind-legal-ISO-27001-Siegel-2022-06-27
activemind-tisax-logo

Does your company need an EU representative?

Most non-EU businesses need an EU representative according to the GDPR.

If your company does not have an office, branch or other establishment in the EU, but does business with European clients you may have to appoint an EU representative.

Specifically, under the GDPR, you (regardless of whether you are a controller and processor) must appoint an EU representative if you process personal data in the following contexts:

You offer goods or services to individuals in the EU (irrespective of whether these are free of charge), or

You monitor the behaviour of individuals in the EU (insofar as their behaviour takes place within the EU).

What will an EU representative do for you?

The EU representative empowers your non-EU business to be GDPR compliant.

An EU representative is the point of contact for data subjects and supervisory authorities from all EU Member States. The representative acts on your behalf with regard to your obligations under the GDPR.

The EU representative also maintains your records of processing activities (ROPA) and makes these records available to the data protection supervisory authorities upon their request.

How do you choose the best EU representative?

An EU representative qualifies themselves through their expertise, communication skills and multilingualism.

EU representatives may be external service providers, either individuals or organisations, such as law firms, consultancies, private companies etc. They must be based in one of the countries where your customers or data subjects are located.

It is strongly advised to appoint an EU representative that has a thorough understanding of both the legal and technical aspects of data protection, enabling them to communicate effectively with the supervisory authorities.

Furthermore, acting as a contact point between you and data subjects or authorities, an EU representative should be able to speak the relevant local language.

Ein Datenschutz-Jurist von activeMind.legal lächelt in die Kamera, während hinter ihm weitere Mitarbeiter der Kanzlei an einem Fall arbeiten

Whistleblowing-Richtlinie

In einer Whistleblowing-Richtlinie legen wir den Meldeprozess fest und dokumentieren Zuständigkeiten sowie Einhaltung gesetzlicher Vorgaben.

Mitarbeiterschulung und Infomaterial

Mittels Onlineschulung unterrichten wir Ihre Mitarbeiter über das eingerichtete Hinweisgebersystem. Ergänzend erhalten Sie Informationsmaterial, um auf das Hinweisgebersystem aufmerksam zu machen.

4 good reasons why you should choose activeMind.legal as your
EU representative

Specialised lawyers

We are a well-established law firm with offices in Berlin and Munich specialising in EU data protection. Our lawyers and experts have a range of data protection and information security certifications.

Years of experience

We have extensive experience in data protection, and have been dealing with supervisory authorities in the EU, as well as with data subjects, for years.

Truly international

Our international team speaks 10+ European languages and has comprehensive knowledge of the data protection laws of many EU and EEA countries.

Additional support

We help you with all your queries regarding EU data protection law, support you in answering queries from authorities and data subjects, and can provide comprehensive support in setting up a data protection management system (DPMS), if desired.

Free enquiry

We will be happy to provide a quote for our services as your EU representative. Please provide us with some information about your company.

We will contact you within two working days.

Frequently asked questions about the EU representative required under the GDPR

Art. 27 GDPR (General Data Protection Regulation) requires companies that do not have offices, branches, or other establishments in the EU (non-EU businesses), but conduct business with European clients, to appoint an EU representative. Specifically, you must appoint an EU representative if your organisation processes personal data in the following contexts:

  • offering goods or services to individuals in the EU, or
  • monitoring the behaviour of individuals in the EU.

This obligation applies to both data controllers and data processors.

An EU representative serves as a contact point between your company and individuals or data protection authorities in the EU. An EU representative therefore acts on your company’s behalf with regard to your obligations under the GDPR. Furthermore, the representative maintains your records of processing activities and makes these records available to supervisory authorities upon request.

EU representatives can be external service providers, and the role can be performed by individuals or organisations, such as law firms, consultancies, or other private companies. They must be based in one of the countries where customers or data subjects that are being monitored are located or where your goods or services are being offered.

The GDPR does not specify the minimum qualifications an EU representative should hold. However, it is advisable to appoint a representative that has a broad understanding of the relevant legal and technical data protection issues in order to be able to communicate with the authorities efficiently. Furthermore, as an EU representative serves as the contact point between your company and data subjects or authorities, it is thus essential that the representative speaks the local language fluently.

How much you can expect to pay for an EU representative under the GDPR depends on several factors, for example, the size of your company, the number of employees, what data you process and how many locations in how many countries you have. These all influence the amount of queries and attention from supervisory authorities your company may expect to receive. Furthermore, the costs for an EU representative are influenced by how much support you may need in creating and maintaining the necessary data protection documents (especially the records of processing activities – ROPA).

Contact us!