🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 27 of the GDPR: Representative of data controllers or subcontractors not established in the Union

Home GDPR articles decrypted Article 27 of the GDPR: Representative of data controllers or subcontractors not established in the Union

Article 27 of the GDPR requires data controllers or subcontractors not established in the European Union but which target EU residents, to designate one representative in the EU to facilitate communication with authorities and affected people.

Article 27 of the GDPR explained

Any manager or subcontractor who:

  • Is not not established in the EU, but
  • Offers goods or services to people in the EU, or monitors their behavior,

must designate in writing a representative in a Member State where the persons concerned are located.

This representative acts like point of contact for the supervisory authorities (e.g. the CNIL) and for the people concerned.

Why is this article important for your GDPR compliance?

It ensures that European authorities can enforce the GDPR, even vis-à-vis actors established outside the EU. It's a essential legal obligation for international companies operating in the European market.

How to comply with Article 27 of the GDPR?

  • If you are based outside the EU but target European users, appoint a GDPR representative in Europe.
  • Write a clear contract with this representative specifying their missions.
  • Mention this representative in your privacy policies.
  • Make sure it is suitable for respond to requests and to collaborate with the authorities.

Examples of application of Article 27 of the GDPR

  • An American e-commerce company sells in France: it appoints a GDPR representative based in Paris.
  • A Canadian mobile application tracks the behavior of German users: it appoints a representative in Berlin.
  • A Chinese online services platform, active in Spain, hires a Spanish GDPR firm as its representative.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

Request a demo with an expert

Other articles
on the same subject