EU Representative

By appointing us as your EU representative, you will be fully compliant with Article 27 of the EU General Data Protection Regulation (GDPR).

Our representative service ensures your compliance with Article 27. We also provide a data subject access request (DSAR) portal to handle any requests you may receive from your EU data subjects or supervisory authorities in a GDPR compliant manner. When you appoint us as your representative, we provide the following:

Act as your representative in the Union

We will act on your behalf in the EU and may be addressed on all issues relating to your data processing activities and compliance with GDPR. As your representative, we will notify you of GDPR compliance and personal data requests we receive via mail or your data subject access request portal (DSAR).

Provide an EU presence

You may use our EU based business address as your GDPR representative address and nominate us as your representative in your privacy notices, including providing our contact information for all GDPR related communications.

Contact portal in 26 EU languages

Your dedicated contact portal enables data subjects (usually your customers or clients) and supervisory authorities to make requests in any of the 26 official languages of the EU member states.

Data subject access request portal

Your dedicated Data Subject Access Request (DSAR) portal enables you to collate, review and respond to all GDPR data subject and supervisory authority requests. Your DSAR is fully compliant with GDPR data processing requirements and is integrated with Google translation API to assist with translations.

Explore our contact portal and DSAR features

Maintain appropriate records

We maintain records of processing activities relating to your personal data processing requests, as required by GDPR Article 30.

How to comply with Article 27 GDPR

Article 27 consists of five separate clauses, three of which (clauses 1,3 & 4) require action on your behalf to ensure compliance. Below is an explanation of each of the five clauses and how you comply when you appoint us as your EU representative.

Article 27 (1):
"Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union."

When you register with our EU representative service, you (the controller or processor) designate us as your representative in the EU as part of the terms and conditions.

As long as we continue to act as your representative you remain compliant with this clause.

Article 27 (2):
"The obligation laid down in paragraph 1 of this Article shall not apply to:
(a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
(b) a public authority or body. "

Paragraph 2 establishes when the obligations of Article 27 do not apply, e.g. If you are a public authority or body. There are no specific actions required by you under this paragraph.

If you are unsure if Article 27 applies to your organisation, try our 2-minute self-assessment to help determine if you need to appoint an EU representative.

Article 27 (3):
"The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are."

This clause requires your EU representative to be located in one of the EU member states where a request may be initiated from.

There is no requirement for your representative to be established in the EU state where you have the most data subjects. If you have any data subjects in an EU member state, then that state is a viable option for your EU representative's location.

In practice, if you offer goods or services via a website or use website analytics to track visitors then more than likely you will have data subjects from most, if not all EU Member states. An exception to this may be if you restricted access to your site or tracking of visitors on a country-by-country basis within the Union.

In our case, before appointing Juksta as your representative, you should establish you have data subjects in Ireland.

Article 27 (4):
"The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation."

When you sign-up for our EU representative service you (the controller or processor) provide this mandate to allow us to be addressed on your behalf as part of our terms and conditions.

Importantly, this clause establishes that we may be contacted "in addition to or instead of". This means data subjects still have the right to contact you directly if they choose.

Article 27 (5):
"The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves."

Paragraph 5 establishes that your appointment of us as your EU representative does not exclude you from legal actions that may be initiated against you. There are no specific actions required by you under this paragraph to comply with Article 27.

Let's make you compliant

It is relatively easy to comply with Article 27 of EU GDPR. By appointing and maintaining an EU representative you will be compliant.

We are happy to act on your behalf, as your GDPR representative. Our monthly, flat-fee price is based on the size of your business.

Select your business size to appoint us as your GDPR representative in the EU today.