FAQ-Kategorie: Representative pursuant to Art. 27 GDPR

The EU representative pursuant to Art. 27 GDPR is defined in the Regulation itself as:
“a natural or legal person in the Union who is designated by the controller or processor in writing pursuant to Article 27 GDPR to represent the controller or processor in relation to the obligations imposed on them by this Regulation.” (cf. Article 4 No. 17 GDPR)

The EU representative performs representative tasks for the organisation within the European Union. They also provide support in complying with the requirements of the GDPR, in particular in contact with supervisory authorities and data subjects.

Note: This information is for general information purposes only and does not replace individual legal advice.

A non-European organisation requires an EU representative in accordance with Art. 27 GDPR if it does not have a branch within the EU but nevertheless:

• offers goods or services to persons in the EU, whether for payment or free of charge,
• or observes the behavior of persons within the EU—in particular through measures such as tracking, profiling, or web analysis.

In these cases, the market location principle applies, which means that the organisation falls within the scope of the GDPR.

Note: This information is for general guidance only and does not constitute individual legal advice.

The EU representative pursuant to Art. 27 GDPR acts as a central point of contact for data protection issues in Europe – both for employees of the non-European organisation and for European and national supervisory authorities as well as for data subjects whose personal data is processed.

In addition, the representative supports the organisation in fulfilling its data protection obligations. This includes in particular:

• receiving and forwarding requests from data subjects (e.g., requests for information or erasure)
• communicating with supervisory authorities,
• and providing the record of processing activities upon request.

Note: This information does not replace individual legal advice.

European data protection law aims to ensure a uniform level of protection for personal data within the EU and thus to take into account the protection of this data as enshrined in fundamental rights. In order to ensure this protection in an increasingly digitalized world, the General Data Protection Regulation (GDPR) introduces the so-called market location principle.  

This means that non-European organisations may also process personal data of EU citizens—provided that they offer their products or services in the EU or observe the behavior of data subjects within the EU. In these cases, however, the processing falls within the scope of the GDPR. Accordingly, affected companies may have to appoint a representative in the EU (Art. 27 GDPR).  

Note: This information does not constitute individual legal advice.