Why you need GDPR representation

Article 27 of the GDPR requires organizations based outside the United Kingdom or the European Economic Area (EEA) that regularly process personal data of residents in these areas to appoint a representative who:

  • Acts as a contact person for data subjects and supervisory authorities; and
  • Enables supervisory authorities to take enforcement action within the territories

The following rules apply:

  • Organizations not present in the UK and EEA will require separate representatives in both territories
  • UK organizations require a representative in the EEA
  • EEA organizations require a representative in the UK

This fact sheet explains which organizations need to appoint GDPR representatives for the EU and UK.

You can also click on one of the options below to speak to us

What the GDPR requires from a representative

Responsibilities

  • The representative must:
    • Cooperate with the supervisory authorities
    • Facilitate communication between those involved and your organization
    • Be easily accessible to data subjects in all relevant Member States
    • Maintain a processing register in accordance with Article 30 of the GDPR
  • Supervisory authorities, through the representative, may take enforcement action for non-compliance by the organization they represent

The position

  • The representative:
    • is appointed to represent controllers or processors not established in the EU and/or the UK
    • must be established in one of the Member States where the data subjects of the controller or processor reside
    • non-compliance may be subject to enforcement proceedings by the controller or processor
  • The representative can be an individual or a company, but with an assigned contact person
  • The representative will be identified in your privacy policy as the contact person for EU data subjects and regulators

Your AVG representative will work with you to:

Setting up your GDPR representation

  • Ensure that your privacy policy includes the representative's contact information
  • Understands your data flows
  • Evaluate previous gap analyses and impact assessments
  • Ensure that appropriate security measures are in place to protect the data of EU and UK residents
  • Be aware of any prior violations or non-compliance
  • Make a copy of your data on your processing register

Ongoing GDPR (AVG) representation

  • Continually maintain and update your processing register
  • Translating and answering questions from European and British data protection authorities and data subjects
  • Register and (if necessary) report violations
  • Receiving and recording data subject rights requests and advising on appropriate responses
  • Advising on data protection regulatory issues affecting your organisation

Make a request below

Fill in your details below and we will contact you as soon as possible

Scroll to Top