Skip to Main Content
Select regional store:
GDPR EU - Representative

GDPR EU Representative

SKU: 4969
Format: Consultancy
Published: 20 Jun 2018

Our EU representative service enables companies in North America that fall within the scope of the GDPR to meet their obligations under Article 27.

Inquire now


Appointing an EU representative

Organizations in North America that offer goods or services to individuals in the EU or monitor their behavior will generally have to appoint a representative established in an EU member state. The representative acts on your behalf in relation to your personal data processing activities and acts as a local contact for data subjects and supervisory authorities.


When do you need a representative?

Under Article 27 of the GDPR, organizations without a physical presence in the EU need to designate, in writing, an EU-based representative to deal with various aspects relating to data protection on behalf of or in conjunction with the organization. There are exemptions to this rule. The first is if the processing is occasional, does not include, on a large scale, processing of special categories of data or data relating to criminal convictions, and is unlikely to result in a risk to the rights and freedoms of individuals. The second is if the organization is a public authority or body.

Simply having a subsidiary based in the EU may not excuse you from needing an EU representative. If the subsidiary is managed at arm’s length via a services or distribution agreement and that EU based subsidiary entity doesn’t have control over the data-related decisions of the business, or the power to implement them, then the subsidiary may not be considered to have a main establishment in the EU for the purposes of GDPR, and therefore your organization may still need to designate an EU representative.


Our GDPR EU representative service

With this annual subscription service you will be supported by our qualified data privacy, legal and compliance team (GRCI Law1), which will serve as your EU representative as set out in the GDPR.

As appointed EU representative we shall:

  • Register our EU address as your GDPR representative address.
  • Be addressed on all issues related to your personal data processing activities.
  • Act as first point of contact for communications received from EU-based data subjects in relation to data subject rights requests and other general GDPR-related enquiries.
  • Act as first point of contact for communications received from EU supervisory authorities and liaise with them on all matters pertaining to the GDPR, e.g. responding to data subject rights complaints and personal data breach reporting.
  • Hold a record of your processing activities and make these available to the data protection authorities at their request.

1The GDPR EU Representative service is provided by GRCI Law Limited, a specialist in legal and compliance advisory services relating to data privacy, cybersecurity and information security (and a subsidiary of GRC International Group plc).


Speak to an expert

Please contact us for further information or to speak to our GDPR team.

+1 877 317 3454

Send inquiry

Customer Reviews

stars out of 5
(0# of Ratings:)
This website uses cookies. View our cookie policy