Our EU Representative Services

graphic

Do you need to Appoint a Data Protection Representative in the EU?

  • Your company is based outside the EU/EEA* and doesn't have an establishment there
  • Your company offers goods or services to individuals in the EU/EEA* (for payment or for free) and/or you monitor their behavior (such as tracking, profiling, etc.)

Still not sure if you need to appoint a Data Protection Representative?

*EEA = European Economic Area, which includes Norway, Liechtenstein and Iceland.

We provide a full range of high-quality representation services

We are passionate about client service. Really passionate.
We strive to understand your needs and expectations to provide you with personalized services.
EU Representation services in the entire EU/EEA

We act in your name and on your behalf in the entire EU/EEA for GDPR purposes. We are located in Brussels, the EU’s capital, and are therefore close to EU institutions, decision-makers and influencers. We also have offices throughout Europe to support you as closely as possible as your GDPR representative. As confirmed by the Guidelines of the European Data Protection Board, your EU representative must only be established in one – and only one – of the EU/EEA countries where the data subjects whose personal data your company processes are located. If your company processes personal data of individuals who are located in more than one EU country, then you can choose in which country to appoint your EU representative.

Data Subject Access Requests (DSARs)

We handle an unlimited number of DSARs across the entire EU/EEA. By “handling”, we mean that we receive requests, perform identity checks (if you instruct us to do so), forward the requests to you (with a free English translation if needed), answer your questions as to best practices on how to respond to the requests and reply to the data subjects on your behalf (with, again, a free translation if needed), unless you choose to answer yourself. We aren’t just a mailbox or message forwarding service.

Requests from Data Protection Authorities

We handle an unlimited number of requests from DPAs in the EU/EEA. We understand that it can be quite daunting for companies to be contacted by DPA’s. That’s why our team handles such requests with great care and diligence (including free translation if needed).

Data Breach Notification Support
We assist and support you in the handling of an unlimited number of data breach notifications in the EU/EEA. Given that every data protection authority (DPA) has different requirements for data breach notifications (including filing in the country’s official language), the entire process can be very challenging – especially given the tight 72-hour deadline to notify a data breach to the DPAs. We assist in reducing the time and resources – and stress! – required to complete your data breach notifications.

IMPORTANT NOTICE IN CASE OF DATE BREACH: Our contract will not automatically terminate in the event that you experience a data breach. We support you all the time and all the way.

Compliance Certificate

We provide you with a GDPR Article 27 Compliance Certificate based on data protection technology through a unique high-level encryption / decryption process (including Blockchain technology) which can be used on your website and on your company material. Check our compliance page to see what it looks like!

Top-level Security with ISO 27001 Certification

We are proud to be ISO 27001 certified, which is the latest, highest and most comprehensive in-depth security certification. It demonstrates our commitment to information security and confirms that we implemented industry-leading security practices to protect our clients data. The scope of our certification covers all our processes involved in the provision of data protection Representative services in the EU/EEA and in the UK for companies located outside the EU/EEA and/or the UK, pursuant to Article 27 of the EU & UK GDPR.

Dedicated Client Support

We answer your questions and keep you informed on GDPR matters that can impact your non-EU business. Our team covers all aspects of the GDPR (legal, IT, security, risk management, governance, etc.) and our experts are at your disposal to assist you even beyond local office hours and taking into account your international time zone. 

Translation

We provide you with a free English translation of all requests from data subjects and data protection authorities as well as a free English-to-original language reply. We also provide you with access to our digital data breach notification platform which includes an English translation of the data breach notifications forms of the relevant Data Protection Authorities in the EU/EEA. 

Privacy Policy / Documentation wording

We provide you with the wording that you have to include in your privacy policy on your website or in other documents (e.g. those required in clinical trials) with respect to the appointment of EDPO as your EU representative, including EDPO’s contact details and logo.

EDPO

 Just Stands Out

Partner and Head of the European Cyber/Data/Privacy practice of a top-tier American international law firm

What should you look for in an EU & UK Data Protection Representative ?

Here is our checklist for the appointment of your EU & UK Data Protection Representative
  • What services are included? Are there any extra (hidden) costs?
  • What languages are covered? Is translation included in the fees?
  • Who is the team? What are their qualifications and experience?
  • Does the Data Protection Representative provide data breach notification support?
  • What services are included? Are there any extra (hidden) costs?
  • What languages are covered? Is translation included in the fees?
  • Who is the team? What are their qualifications and experience?
  • Does the Data Protection Representative provide data breach
    notification support?

We cover the world. We cover all industries.

You'll find below a non-exhaustive list of industries that already work with us. 

Frequently Asked Questions

Check our FAQ page for more questions and answers.

How does the EU Representative assist non-EU companies?

The main task of the Data Protection Representative in the EU is to act as a point of contact for the data protection authorities and individuals in the EU whose personal data is being processed by non-EU companies.

The representative acts on behalf of non-EU companies, performing its tasks according to the mandate received from them, including cooperating with the data protection authorities with regard to any action taken to ensure compliance with the GDPR.

The Data Protection Representative also has to maintain records of the processing activities of their clients.

Where does the EU Representative have to be located?

Your EU GDPR representative must be located in a (single) country in the EU where the individuals whose data are being processed are located. If your company generally targets the entire EU, then it can choose the country where it wants to base its representative. As Brussels is the capital of the EU, it is a preferred location for non-EU companies to designate their GDPR representatives.

Do your services cover all EU countries or only certain countries?

Our services cover the entire EU/EEA by default. If your company is only active in certain countries, please let us know, as this will impact the choice of the country where you need to appoint us. That being said, if your company is active everywhere in the EU/EEA or plans to grow, you’ll always be covered.

Does designating a Data Protection Representative release the non-EU companies from liability and responsibility?

NO. The GDPR clearly states that the designation of a Data Protection Representative does not affect the responsibility and liability of the non-EU companies that fall within the scope of the GDPR. The designation is without prejudice to legal actions which could be initiated against the non-EU companies.

How much does it cost to appoint an EU Representative?

Our Data Protection Representative fees are based on the size of your company (in terms of number of employees), the type of data (regular data and/or sensitive data) that your company processes, whether or not your company’s processing operations require regular and systematic monitoring of individuals in the EU and whether your company processes personal data on a large scale. All packages can be tailored to your company’s specific needs.

Click here to know more about our EU Representative fees.

If you also need to appoint us as a UK or a Swiss Representative, please let us know as we have discounted prices.

Do the EU representative services cover the UK or Switzerland too?

No. Given that the UK has left the EU, it is a separate jurisdiction which has its own UK GDPR. Switzerland is not in the EU/EEA and also has its own Data Protection Law. If your company is active in the EU, UK and Switzerland, you will need to appoint up to three Representatives. Head over to our UK Representative page or our Swiss Representative page to learn more.