What Businesses Require Article 27 GDPR Representation?

FEBRUARY 25, 2019

With the implementation of the GDPR, many, recurring questions have come to rise and the answers still leave many of us confused. Who really needs Article 27 Representation? And Who doesn’t? Why is that?

Who requires Article 27 GDPR Representation?

The GDPR very clearly states that the Regulation applies to the personal data of people who are in the EU, even when being processed by anyone not established in the EU. The processing activities are related to either (a) the offering of goods or services to people in the EU, irrespective of whether a payment is required, or (b) the monitoring of their behavior.

To break it down, If your (non-EU) business is offering goods or services to people in the EU or you’re monitoring the behavior of individuals in the EU (note that this includes online behavior) the GDPR applies to you and you must designate an Article 27 Representative to avoid penalties and other repercussions that come with non-compliance.

Are there any exceptions?

There is an exemption when it comes to Occasional Processing (Infrequent/Irregular business/procedure/contact with the subject, in specific cases)

In order for this exemption to apply, the following points must apply to you:

  1. Your processing must be occasional only. It must not include processing of special categories of data or personal data relating to criminal convictions on a large scale and must be unlikely to result in a risk to the rights and freedoms of natural persons.
  2. If it does not include processing of special categories of data or personal data relating to criminal convictions and offenses on a large scale.
  3. If it is unlikely to result in a risk to the rights and freedoms of natural persons, it does not require the appointment of a representative.

If you regularly do business with people in the EU and hold data in relation to prospects or customers located in the EU, you must respect the rights of the people whose data you hold.

Appointing an Article 27 Representative is easy and can be done in a matter of minutes.

Not only do we provide Representation, but we aim to educate you in compliance which in turn rewards you with peace of mind and confidence to move forward and expand your business, profitably, effectively and optimistically.


flor mccarthy

Flor McCarthy is one of Ireland’s leading lawyers and a recognised expert in marketing. He has particular expertise and hands-on practical experience in privacy, data protection and GDPR issues for marketers. He is certified by the Law Society of Ireland in Data Protection Practice and lectures lawyers on data protection practice and compliance. He is managing partner of a multi award winning niche legal practice. He has been in private practice for over 20 years and has been elected by his peers to sit on the exclusive Council of the Law Society of Ireland, the governing body for Irish lawyers.

If you process data on EU or UK data subjects and appreciate that compliance with the GDPR is essential for risk management, data-security and customer-confidence in your international business and you feel that you are a good fit for our EU representative services please click the button below to schedule a free call with us today. Assigning an EU or UK representative for your business is a straightforward process and we’ll be happy to talk you through it.

During the call we’ll answer any questions you may have and we’ll go through our service in full detail so that you have a complete understanding of our solution and how it can benefit your business. We look forward to speaking with you.