Openli logo

GDPR Representative

If you do not have an office in the EU/EEA, but still process data from individuals based in the EU/EEA, then you still need to comply with the GDPR regarding your data processing and the GDPR requires you to appoint a representative.

What is a GDPR Representative?

If you do not have an office in the EU/EEA, but still process data from individuals based in the EU/EEA, then you still need to comply with the GDPR regarding your data processing.

As you do not have a base inside the EU/EEA, the GDPR requires you to appoint a representative. This representative needs to be set up in an EU or EEA state where some of the individuals whose personal data you are processing are located.

You need to authorise the representative, in writing, to act on your behalf regarding your GDPR compliance. Be aware that a Data Representative is not a Data Protection Officer (DPO). It is a distinct role with its own responsibilities.

What are the duties of the GDPR Representative?

The representative’s role is to ensure that you comply with the GDPR by enabling communication with individuals in Europe and European data protection authorities.

Your representative can be an individual, or a company or organisation, and must be able to represent you regarding your obligations under the GDPR (e.g. a law firm, consultancy or private company).

You should give details of your representative to EEA-based individuals whose personal data you are processing, this should be done by including the contact details in your privacy policy. The representative must also be able to act on your behalf with European data protection authorities.

Lastly, the representative will help you meet your Article 30 requirements (records of processing activities) and provide you with updates relating to the GDPR.

Read more about the record of processing.

Do you need a GDPR Representative?

You will most likely need to appoint a representative, If you are based outside the EU/EEA and do not have a branch, office or other establishment in any other EU or EEA state, but you either:

  • offer goods or services to individuals in the EU/EEA; or
  • monitor the behavior of individuals in the EU/EEA.

Watch a free video on Data Controller

Visit our Complaince School and learn about the different GDPR-related terms, including data controller, data processor and data subject, through a series of free video lectures.

image Watch now

Join our free GDPR & compliance webinars

Ask question, learn from experts and become smarter about GDPR and privacy compliance by joining our free webinars.

See upcoming webinars

Vet vendors with Privacy Hub

Find GDPR information about all your vendors in one place.

Learn more about Privacy Hub

Join our newsletter

Join our free bi-weekly newsletter focused on news and updates from the legal landscape of data privacy.