PRICING
EDPO’s fees for GDPR representative services are tailored to your company’s specific needs.
How much does it cost to designate EDPO as your company’s GDPR Data Protection Representative in the EU?
Our GDPR Data Protection Representative fees are based on the size of your company (in terms of number of employees), the type of data (regular data and/or sensitive data) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in the EU and whether your company processes personal data on a large scale.
All packages can be tailored to your company’s specific needs.
All fees include the following services:
- The handling of an unlimited number of requests from individuals (data subjects) in the EU
- The handling of an unlimited number of requests from the data protection authorities
- The storage of a copy of your Record of processing activities on a plartform which has the highest and most in-depth security certification (ISO27001)
- Assistance with the handling of an unlimited number of data breach notifications
- The right to use EDPO’s contact details and logo on your website and on other company material
- The right to use the EDPO Compliance Certificate which is based on Blockchain technology
- Alerts on relevant GDPR-related news and developments regarding your company’s compliance with the GDPR
- Translation of requests and replies (from the initial language into English, and from English back to the initial language)
Our fees are all-inclusive. No hidden costs. No surprises.
Here’s an indicative list of our EU GDPR Data Protection Representative fees*:
Choose your currency here:
Special Offer
Also appoint EPDO UK as your UK Representative and get 20% off the UK Representative price!
Small Companies
125 € / Month
- Less than 50 employees
- No large scale processing of EU personal data
Medium Companies
225 € / Month
- Between 51 and 250 employees
- No large scale processing of EU personal data
Large companies
400 € / Month
- Between 251 and 500 employees
- No large scale processing of EU personal data
Very Large / Special Categories
- More than 500 employees
- Large scale processing of EU personal data
- Financial institutions
- Other complex processing activities
Additional fees may apply in case of processing of sensitive data.
The fees are payable in upfront annual payments.
Small companies
125 € / Month*
- Less than 50 employees
- No large scale processing of EU personal data
Medium Companies
225 € / Month*
- Between 51 and 250 employees
- No large scale processing of EU personal data
Large companies
400 € / Month*
- Between 251 and 500 employees
- No large scale processing of EU personal data
Very Large / Special Categories
1,000 € / Month*
- More than 500 employees
- Processing of sensitive data
- Large scale processing of EU personal data
- Financial institutions
- Other complex processing activities
What is considered to be processing “on a large scale”?
The GDPR does not define what constitutes “large scale” processing but guidelines on the interpretation of the GDPR recommend that the following factors be considered when determining whether the processing is carried out on a large scale :
-the number of individuals concerned – either as a specific number or as a proportion of the relevant population
-the volume of data and/or the range of different data items being processed
-the duration, or permanence, of the data processing activity
-the geographical extent of the processing activity
Examples of large-scale processing include :
-processing of patient data in the regular course of business by a hospital
-processing of travel data of individuals using a city’s public transport system (e.g. tracking via travel cards)
-processing of real time geo-location data of customers of an international fast food chain for statistical purposes by a processor specialised in providing these services
-processing of customer data in the regular course of business by an insurance company or a bank
-processing of personal data for behavioural advertising by a search engine
-processing of data (content, traffic, location) by telephone or internet service providers
Examples that do not constitute large-scale processing include :
-processing of patient data by an individual doctor
-processing of personal data relating to criminal convictions and offences by an individual lawyer
What is sensitive data ?
Sensitive data is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation.
What is personal data ?
Personal data under the GDPR has a very broad interpretation and includes any information that relates to an identified or identifiable natural person: name, pictures, addresses, phone numbers, e-mail addresses, IP addresses (even dynamic), identification numbers, location data, age, origins, pseudo, etc.