EU representative according to the GDPR
The GDPR has introduced an obligation to appoint a representative in the Union for many organisations that have no physical presence in the EU.
Our lawyers and data protection experts will gladly assist non-EU businesses as EU representative to fulfil this duty.
All facts about the EU representative
In a nutshell: Everything you need to know about the representative in the Union according to the EU General Data Protection Regulation (GDPR).
Which companies need an EU representative?
Companies that do not have offices, branches or other establishments in the EU, yet conduct business with European clients have to appoint an EU representative. Specifically, under the GDPR, you must appoint an EU Representative if you process personal data in the following contexts:
- the offering of goods or services to individuals in the EU (irrespective of whether they are free of charge), or
- the monitoring of behaviour of individuals in the EU (as far as their behaviour takes place within the EU).
This obligation applies to both, controllers and processors.
What are the tasks of an EU representative?
The EU representative is the local liaison with the data subjects and the supervisory authorities. Thus, the representative acts on behalf of the controller or the processor with regard to their obligations under the GDPR.
The EU representative shall also maintain records of processing activities and make these records available to the supervisory authorities upon their request.
Who can be an EU representative?
EU representatives may be external service providers, either individuals or organizations, such as law firms, consultancies, private companies etc. They must be based in one of the countries where the customers or monitored data subjects are located.
It is a good practice to choose an EU Representative that is based in the country where the majority of data subjects are located, but it is not strictly necessary. The actual location of the processing is irrelevant.
Which qualifications should an EU representative have?
The GDPR does not specify the minimum qualifications EU representatives must hold. However, it is strongly advisable to consider a representative that has a broad understanding of legal and technical data protection issues in order to be able to communicate with the authorities efficiently.
Furthermore, as a contact point between the company and data subjects or authorities, knowledge of local languages is necessary.
Our services as your representative in the Union
We offer three flat-rate packages to choose from: If you simply need an EU representative, our basic package is the right choice. However, if you need support for your GDPR compliance, please choose – depending on the scope of your data processing – between business and management.
Service | Basic | Business | Management |
---|---|---|---|
Appointment of an EU Representative | All EU-countries | All EU-countries | All EU-countries |
Maintaining records of processing activities | |||
Number of queries by data subjects or authorities included | 5 per month | 10 per month | 15 per month |
Answering of unlimited data protection-related queries for ordering party | Per query ≤ 15 minutes |
Per query ≤ 30 minutes |
Per query ≤ 45 minutes |
GDPR-compliant template for records of processing activities | |||
Establishing records of processing activities | 5 processing activities / year | 10 processing activities / year | |
General overview of technical and organisational measures - questionnaire | |||
Review of privacy policy on website (without a shop) | 1x annually | 1x annually | |
Commissioned processing: Contract inspection and review (not on-site) | 1x quarterly | 2x quarterly | |
Service | Basic |
---|---|
Appointment of an EU Representative | All EU-countries |
Maintaining records of processing activities | |
Number of queries by data subjects or authorities included | 5 per month |
Answering of unlimited data protection-related queries for ordering party | Per query ≤ 15 minutes |
GDPR-compliant template for records of processing activities | |
Establishing records of processing activities | |
General overview of technical and organisational measures - questionnaire | |
Review of privacy policy on website (without a shop) | |
Commissioned processing: Contract inspection and review (not on-site) | |
Service | Business |
---|---|
Appointment of an EU Representative | All EU-countries |
Maintaining records of processing activities | |
Number of queries by data subjects or authorities included | 10 per month |
Answering of unlimited data protection-related queries for ordering party | Per query ≤ 30 minutes |
GDPR-compliant template for records of processing activities | |
Establishing records of processing activities | 5 processing activities / year |
General overview of technical and organisational measures - questionnaire | |
Review of privacy policy on website (without a shop) | 1x annually |
Commissioned processing: Contract inspection and review (not on-site) | 1x quarterly |
Service | Management |
---|---|
Appointment of an EU Representative | All EU-countries |
Maintaining records of processing activities | |
Number of queries by data subjects or authorities included | 15 per month |
Answering of unlimited data protection-related queries for ordering party | Per query ≤ 45 minutes |
GDPR-compliant template for records of processing activities | |
Establishing records of processing activities | 10 processing activities / year |
General overview of technical and organisational measures - questionnaire | |
Review of privacy policy on website (without a shop) | 1x annually |
Commissioned processing: Contract inspection and review (not on-site) | 2x quarterly |
Why you should choose activeMind.legal as your EU representative
We are a well-established law firm with offices in Berlin and Munich. Our lawyers and experts have many years of experience and various data protection and data security certifications.
We have broad experience in dealing with local authorities in the EU, as well as with data subjects. We also assist our clients with processing records on a daily basis.
Our international team speaks 10+ European languages and knows the data protection laws of many EU countries in detail.