EU Representative Services

GDPR accountability principle

What is an EU Representative?


Under the EU General Data Protection Regulations, if your company is processing personal data belonging to citizens of any EU member state, you must consider appointing an EU representative to meet GDPR compliance.


An EU representative is your point of contact with the EU data subjects, as well as the supervisory authorities.


In the EU, member states have their own data protection authorities. So, it is necessary for the EU representative to act on your behalf in communications with those different national authorities.


When do you need an EU Representative?

So, unless your processing of personal data is occasional and not significant, a GDPR EU Representative must be appointed.


Additionally, this also applies to UK Government regulations, the UK Data Protection Act 2018, because you are required to appoint a representative in the UK.


Do you already have an office or other establishment in the EU?  If so, then a named individual in that office can undertake the representative acts required for your company to be GDPR compliant.


Therefore, your organisation, regardless of its size, must comply with Article 27 of the EU General Data Protection Regulations.  This means appointing an EU Representative if:


  • You offer goods and services to individuals in the EU, and you do not have an EU establishment, or
  • You monitor the behaviour of individuals in the EU, and you do not have an EU establishment


Equally, the GDPR applies to both Data Controllers and  Data Processors who hold, control or process personal data of EU individuals.


Can a Data Protection Officer be an EU Representative?

No, not according to recent guidance from the European Data Protection Board.  Why? Well, Data Protection Officers must be objective and not take instructions from the management of an organisation.


Conversely, an EU Representative is acting on behalf of and taking instructions from, the company he or she represents.


Accordingly, the EDPB advises that a representative should be a single named individual.  This individual must be the main point of contact for any supervisory authority of an EU member state.


How our EU Representative service works

At Data Protection 4 Business, we only represent organisations who have demonstrated that they have appropriate data protection compliance in place.


Consequently, the price of our service is competitive and affordable for smaller sized companies.  Our annual fees start from £500 and a one-off fee of £350 covers the initial setup costs.


As an EU Representative, it is our responsibility to have an updated copy of your record of processing activities.  We must also be the named contact for any questions from EU individuals, such as subject access requests.


Equally, we can liaise with Regulators and communicate to your customers if there is a data breach.


It is our experience that some law firms provide this service. Often, only at a price that larger organisations can afford.


Our mission is to support small and medium-sized businesses that want to comply with the Data Protection regulations.  So, this applies to companies outside the EU too.


Our Partners

Recently, we have established a partnership in Australia and New Zealand.  So, we are delighted to introduce Sainty Law, our partners based in Sydney.


Sainty Law will provide privacy compliance services to a wide range of businesses based in Australasia.


Sainty Law’s commercial practice has a digital, media, technology

and data protection focus.

As a result, organisations in Australia and New Zealand can work with both of us, for all their data protection requirements.


Together, we have built a demonstrable GDPR compliance framework, which will help clients understand their responsibilities for GDPR compliance.


Therefore, clients can be confident that they meet the appropriate compliance standards.  So, in turn, we can be confident to be your EU Representative.


Our partners share our ethos and commitment to supporting organisations. Consequently, we support you to do the right thing for your data protection compliance.


Like us, our partners believe that customer and employee engagement is strengthened when a company takes its responsibilities for personal data seriously. So, if your company is interested in becoming a partner, please let us know.


We are currently looking for partners in Hong Kong, Singapore and Canada.


If you would like us to be your EU Representative or

are interested in partnering with us, please contact us today.

Working with the wider community

At Data Protection 4 Business, we are members of the International Association of Privacy ProfessionalsData Protection ForumInformation & Records Management Society and the National Association of Data Protection Officers.


Also, we attend industry events arranged by the ICO and World Data Protection ForumWe are also proud to be engaged with the Data Engineering and AI communities because we work together to build privacy solutions into our digital and AI futures.


So, through our network of  partners and associated specialist companies we can offer our clients:

  • Legal advice on GDPR –revision of contracts and HR requirements.
  • Technology companies providing software solutions for compliance.
  • Specialist sector partners to build online training courses.
  • IT Security & Cyber Security protection.
  • Insurance protection for GDPR and Data & Cyber Breaches.


At Data Protection 4 Business, we are small enough to care yet large enough to offer a wealth of knowledge and solutions to our clients.


Be Data SMART. Be Compliant.

Data Protection is here to stay.

Sign up to our Newsletter HERE to receive updates and insights for data protection compliance