PRICING
EDPO’s fees for GDPR representative services are tailored to your company’s specific needs.
How much does it cost to designate EDPO as your company’s GDPR Data Protection Representative in the EU?
Our GDPR Data Protection Representative fees are based on the size of your company (in terms of number of employees), the type of data (regular data and/or sensitive data) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in the EU and whether your company processes personal data on a large scale.
All packages can be tailored to your company’s specific needs.
All fees include the following services:
- The handling of an unlimited number of requests from individuals in the EU
- The handling of an unlimited number of requests from the data protection authorities
- The storage of a copy of your Register of processing activities on a plartform which has the highest and most in-depth security certification (ISO27001)
- Assistance with the handling of an unlimited number of data breach notifications
- The right to use EDPO’s contact details and logo on your website and on other company material
- The right to use the EDPO Compliance Certificate which is based on Blockchain technology
- Alerts on relevant GDPR-related news and developments regarding your company’s compliance with the GDPR
Our fees are all-inclusive. No hidden costs. No surprises.
Here’s an indicative list of our EU GDPR
Data Protection Representative fees*:
Choose your currency here :
* Fees are payable in up-front annual payments
Special Offer
Also appoint EPDO UK as your UK Representative and get a reduction of 30% off the EU Representative price!
Small Companies
125 € / Month*
- Less than 50 employees
- No processing of sensitive data
- No large scale processing of EU personal data
Medium Companies
225 € / Month*
- Between 51 and 250 employees
- No processing of sensitive data
- No large scale processing of EU personal data
Large companies
400 € / Month*
- Between 251 and 500 employees
- No processing of sensitive data
- No large scale processing of EU personal data
Very Large / Special Categories
1,000 € / Month*
- More than 500 employees and/or
- Processing of sensitive data and/or
- Large scale processing of EU personal data and/or
- Financial institutions and/or
- Other complex processing activities
Law firms
Fees depend on size of firm*
- Between 1 and 20 lawyers/staff : 175 €
- Between 21 and 100 lawyers/staff : 375 €
- Between 101 and 500 lawyers/staff : 850 €
- More than 500 lawyers/staff : 1,000 €
- These fees are charged on a monthly basis
Small Companies
125 € / Month*
- Less than 50 employees
- No processing of sensitive data
- No large scale processing of EU personal data
Medium Companies
225 € / Month*
- Between 51 and 250 employees
- No processing of sensitive data
- No large scale processing of EU personal data
Large companies
400 € / Month*
- Between 251 and 500 employees
- No processing of sensitive data
- No large scale processing of EU personal data
Very Large / Special Categories
1,000 € / Month*
- More than 500 employees and/or
- Processing of sensitive data and/or
- Large scale processing of EU personal data and/or
- Financial institutions and/or
- Other complex processing activities
Law firms
Fees depend on size of firm*
- Between 1 and 20 lawyers/staff : 175 €
- Between 21 and 100 lawyers/staff : 375 €
- Between 101 and 500 lawyers/staff : 850 €
- More than 500 lawyers/staff : 1,000 €
- These fees are charged on a monthly basis
What is considered to be processing “on a large scale”?
The GDPR does not define what constitutes “large scale” processing but guidelines on the interpretation of the GDPR recommend that the following factors be considered when determining whether the processing is carried out on a large scale :
-the number of individuals concerned – either as a specific number or as a proportion of the relevant population
-the volume of data and/or the range of different data items being processed
-the duration, or permanence, of the data processing activity
-the geographical extent of the processing activity
Examples of large-scale processing include :
-processing of patient data in the regular course of business by a hospital
-processing of travel data of individuals using a city’s public transport system (e.g. tracking via travel cards)
-processing of real time geo-location data of customers of an international fast food chain for statistical purposes by a processor specialised in providing these services
-processing of customer data in the regular course of business by an insurance company or a bank
-processing of personal data for behavioural advertising by a search engine
-processing of data (content, traffic, location) by telephone or internet service providers
Examples that do not constitute large-scale processing include :
-processing of patient data by an individual doctor
-processing of personal data relating to criminal convictions and offences by an individual lawyer
What is sensitive data ?
Sensitive data is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation.
What is personal data ?
Personal data under the GDPR has a very broad interpretation and includes any information that relates to an identified or identifiable natural person: name, pictures, addresses, phone numbers, e-mail addresses, IP addresses (even dynamic), identification numbers, location data, age, origins, pseudo, etc.