What does an Article 27 representative do?

The representative acts as a contact point in the EU/UK for supervisory authorities and data subjects, maintains certain records, and forwards communications to the controller or processor.

Do I need separate EU and UK representatives?

Often yes. The EU GDPR and UK GDPR are separate regimes. If you target both regions without establishments there, you may need two representatives.

What is typically included in representative services?

Common inclusions are representative designation, EU/UK contact address, basic communications forwarding, onboarding support, and documentation templates. DSAR handling or privacy program support may be add‑ons.

GDPR Article 27 Representative Services (EU/UK)

If your company is outside the EU/UK but targets people there, GDPR Article 27 may require you to appoint a representative. This page explains the service scope, EU vs UK requirements, and how to choose the right provider.

Compare Providers Estimate Cost

On this page

Service scope EU vs UK Service tiers How to choose FAQ

What Article 27 Representative Services Include

Article 27 requires a designated representative when a controller or processor is not established in the EU/UK but falls under GDPR/UK GDPR due to offering goods or services or monitoring behavior. Representative services typically include:

EU/UK contact address and designation documentation
Forwarding communications from regulators and data subjects
Maintaining representative records and contact visibility
Onboarding guidance and compliance coordination

Services vary by provider. Some include basic forwarding only; others offer broader privacy support and operational SLAs.

EU vs UK Requirements

EU GDPR and UK GDPR are separate legal regimes. If you target individuals in both regions and do not have an establishment in either location, you may need separate representatives.

EU Representative

Must be established in an EU Member State where affected data subjects are located. Acts as point of contact for EU supervisory authorities.

UK Representative

Must be established in the UK. Acts as point of contact for the UK ICO and UK data subjects.

Service Tiers (Typical)

Basic: designation + forwarding, standard response windows.
Standard: onboarding support, recordkeeping templates, moderate SLA.
Premium: faster SLAs, multilingual support, expanded coordination.

If you require strict response times or handle higher‑risk data, select a tier with clear SLAs and escalation.

How to Choose a GDPR Representative Provider

Confirm EU/UK establishment and address compliance.
Ask for forwarding SLA and escalation path.
Clarify DSAR handling vs. forwarding only.
Review contract terms, renewal, and exit clauses.
Check coverage for both EU and UK if needed.

Use a structured comparison so every provider is measured against the same criteria.

FAQ

Is an Article 27 representative the same as a DPO?

No. A DPO advises on compliance; a representative is a local contact point for regulators and data subjects.

Can one provider cover both EU and UK?

Some providers offer EU and UK representation under separate contracts. Confirm the legal entity and address for each.

What if we process only occasional data?

The exemption is narrow. If processing is occasional, low risk, and doesn’t involve large‑scale special category data, you may be exempt. Always verify against guidance.

Next Steps

Estimate cost, confirm eligibility, and request quotes from vetted providers.

Compare Providers Check Eligibility Estimate Cost

Sources: GDPR Article 27, EDPB guidelines, and UK ICO guidance. See the official texts for authoritative requirements.

This page is informational and not legal advice.