EU Representative – Art. 27 GDPR

EU Representative according to Art. 27 GDPR

As you will be aware, effective May 25th, 2018, the new General Data Protection Regulation hands out a set of new rules, one of which being the obligation to designate a EU-Representative when doing business within the EU – regardless of one’s own location. Only one Representative is required for all of the EU.

Who needs a Representative?

You do. When you are offering goods or services within the EU but are located abroad or when you are monitoring the behavior of persons residing in the EU, you will need a Representative. You are, however, exempt from this obligation if you process data only occasionally and you do not deal with large-scale processing of special categories of personal data.

Special categories are defined in Art. 9 (1) GDPR: “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, …and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.” There are, of course, exceptions.

Thus, a EU Representative will be required for any company within the adult entertainment business as these companies on occasion collect user data such as images or, via his or her behavior on a site, know about his or her sexual orientation.

It ensures also that EU citizens will be able to contact the controller (you) outside of Europe that hold their personal data, without having the potentially difficult and costly effort required to contact them at their base.

Failure to comply

Failing to comply may result in harsh fines (Art. 83 GDPR) up to 10 million euros. It may also be considered as unfair competition not to comply which may result in expensive law-suits in Germany or other EU-countries.

How do I mandate a Representative?

The attorneys of our firm serve as EU-Representatives according to Art. 27 GDPR. Dr. Daniel Kötz is a certified Data Protection Officer and serves as a designated DMCA-Agent for several companies wishing to comply with U.S. law, but who do not reside within the country. He is now also Representative for companies residing in the U.S. and other countries. Dr. Kötz is a member of the First Amendment Lawyers Association for more than a decade.

Designation will take place in writing; the document (contract) contains our tasks. You’ll have our name on your site as your Representatives. You are obliged to inform your customers about this fact in your privacy policy.

What are the tasks of the Representative?

Our task is mainly to serve as a contact within the EU for any supervisory authority. We receive legal document and act on your behalf (which will, of course, be clearly defined before we act). Furthermore, we have to keep the record processing activities und your responsibility (see Art. 30 (1) GDPR) for you and we must be put into a position enabling us to inform authorities as per their requests. We are your agent when a person (data subject) makes a request.


While other companies charge up to ca. 2,600.00 euros per year, we charge less than half of that. Simply  send us an e-mail and we’ll be glad to inform you about costs and more!

Further information can be found in Recital 80 of the GDPR.