PRICING

EDPO’s fees for GDPR representative services are tailored to your company’s specific needs.

Contact us for a fee quote

How much does it cost to designate EDPO as your company’s data protection representative in the EU?

Our GDPR representative fees are based on the size of your company (in terms of number of employees), the type of data ( regular data  and/or  sensitive data ) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in the EU and whether your company processes personal data on a  large scale All packages can be tailored to your company’s specific needs. Contact us for a fee quote!

 

All fees include the following services :

  • The handling of an unlimited number of requests from individuals in the EU
  • The handling of an unlimited number of requests from the data protection authorities
  • Assistance with the handling of an unlimited number of data breach notifications
  • The right to use EDPO’s contact details and logo on your website and on other company material
  • The right to use the EDPO compliance certificate
  • Alerts on relevant GDPR-related news and developments regarding your company’s compliance with the GDPR

Our fees are all-inclusive. No hidden costs. No surprises.

 

Here’s an indicative list of our GDPR representative fees :

 

Small Companies

125/Month*
  • Less than 50 employees
  • No processing of sensitive data
  • No large scale processing of EU personal data
  •  
  •  
Get a fee quote

Medium Companies

225/Month*
  • Between 51 and 250 employees
  • No processing of sensitive data
  • No large scale processing of EU personal data
  •  
  •  
GET A FEE QUOTE

Large companies

400/Month*
  • Between 251 and 500 employees
  • No processing of sensitive data
  • No large scale processing of EU personal data
  •  
  •  
GET A FEE QUOTE

Very Large / Special Categories

1000/Month*
  • More than 500 employees and/or
  • Processing of sensitive data and/or
  • Large scale processing of EU personal data and/or
  • Financial institutions and/or
  • Other complex processing activities
Get a fee quote

Law firms

Fees depend on size of firm*
  • Between 1 and 20 lawyers/staff : 175 € 
  • Between 21 and 100 lawyers/staff : 375 
  • Between 101 and 500 lawyers/staff : 850 
  • More than 500 lawyers/staff : 1000 
  • These fees are charged on a monthly basis
Get a fee quote

* Fees are payable in up-front annual payments

Services that don’t fall within the scope of these packages will be discussed with you beforehand. We won’t charge you for anything that you haven’t agreed to. 

European Data Protection Office

EDPO • Avenue Huart Hamoir 71, 1030 Brussels • Belgium

  VAT : BE0689.629.220 • E-mail : info@edpo.com

Regular Data

Personal data under the GDPR has a very broad interpretation and includes any information that relates to an identified or identifiable natural person: name, pictures, addresses, phone numbers, e-mail addresses, IP addresses (even dynamic), identification numbers, location data, age, origins, pseudo, etc.

Sensitive Data

Sensitive data is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation.

.

 

What is considered to be processing “on a large scale”?

The GDPR does not define what constitutes “large scale” processing but guidelines on the interpretation of the GDPR recommend that the following factors be considered when determining whether the processing is carried out on a large scale :

-the number of individuals concerned – either as a specific number or as a proportion of the relevant population
-the volume of data and/or the range of different data items being processed
-the duration, or permanence, of the data processing activity
-the geographical extent of the processing activity

Examples of large-scale processing include :

-processing of patient data in the regular course of business by a hospital
-processing of travel data of individuals using a city’s public transport system (e.g. tracking via travel cards)
-processing of real time geo-location data of customers of an international fast food chain for statistical purposes by a processor specialised in providing these services
-processing of customer data in the regular course of business by an insurance company or a bank
-processing of personal data for behavioural advertising by a search engine
-processing of data (content, traffic, location) by telephone or internet service providers

Examples that do not constitute large-scale processing include :

-processing of patient data by an individual doctor
-processing of personal data relating to criminal convictions and offences by an individual lawyer