EDPO’s fees for GDPR representative services are tailored to your company’s specific needs.

How much does it cost to designate EDPO as your company’s data protection representative in the EU?

Our GDPR representative fees are based on the size of your company (in terms of number of employees), the type of data ( regular data  and/or  sensitive data ) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in the EU and whether your company processes personal data on a  large scale All packages can be tailored to your company’s specific needs.Contact us for a fee quote!


 All fees include the following services :

  • The handling of an unlimited number of requests from individuals in the EU
  • The handling of an unlimited number of requests from the data protection authorities
  • The storage of a copy of your Register of processing activities on a plartform which has the highest and most in-depth security certification 
  • Assistance with the handling of an unlimited number of data breach notifications
  • The right to use EDPO’s contact details and logo on your website and on other company material
  • The right to use the EDPO Compliance Certificate which is based on Blockchain technology
  • Alerts on relevant GDPR-related news and developments regarding your company’s compliance with the GDPR

Our fees are all-inclusive. No hidden costs. No surprises.


Here’s an indicative list of our GDPR Representative fees :


* Fees are payable in up-front annual payments

Services that don’t fall within the scope of these packages will be discussed with you beforehand. We won’t charge you for anything that you haven’t agreed to. 

European Data Protection Office

EDPO • Avenue Huart Hamoir 71, 1030 Brussels • Belgium

  VAT : BE0689.629.220 • E-mail :

Regular Data

Personal data under the GDPR has a very broad interpretation and includes any information that relates to an identified or identifiable natural person: name, pictures, addresses, phone numbers, e-mail addresses, IP addresses (even dynamic), identification numbers, location data, age, origins, pseudo, etc.

Sensitive Data

Sensitive data is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation.



What is considered to be processing “on a large scale”?

The GDPR does not define what constitutes “large scale” processing but guidelines on the interpretation of the GDPR recommend that the following factors be considered when determining whether the processing is carried out on a large scale :

-the number of individuals concerned – either as a specific number or as a proportion of the relevant population
-the volume of data and/or the range of different data items being processed
-the duration, or permanence, of the data processing activity
-the geographical extent of the processing activity

Examples of large-scale processing include :

-processing of patient data in the regular course of business by a hospital
-processing of travel data of individuals using a city’s public transport system (e.g. tracking via travel cards)
-processing of real time geo-location data of customers of an international fast food chain for statistical purposes by a processor specialised in providing these services
-processing of customer data in the regular course of business by an insurance company or a bank
-processing of personal data for behavioural advertising by a search engine
-processing of data (content, traffic, location) by telephone or internet service providers

Examples that do not constitute large-scale processing include :

-processing of patient data by an individual doctor
-processing of personal data relating to criminal convictions and offences by an individual lawyer