A total of more than


million Euros

As a non-EU company, you are impacted

Globally, if you process European personal data as part of your business

  • You are a subcontractor (or data processor) of a European company
  • You offer goods and/or services to individuals in the EU
  • You monitor the behaviour of individuals in the EU

In addition to the financial risk, if you are not in good standing, you may also be excluded from any invitations to tender from a European company.

Art. 27 of General Data Protection Regulation (GDPR)

Representatives of controllers or processors not established in the Union

1.  Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.

2. The obligation laid down in paragraph 1 of this Article shall not apply to:
a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
b) a public authority or body.

3. The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.

4. The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.

5. The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.


Being compliant

Having a
GDPR representative
in Europe



A All clients must ensure that foreign suppliers / data processors are GDPR compliant

Clients are legally liable to the regulatory authority for GDPR compliance on the part of suppliers acting on their behalf

Under the client’s purchasing policy, the supplier must provide proof of GDPR compliant processes

Without a GDPR policy in place, the client might not send the supplier an invitation to tender


The supplier does not have a GDPR policy

This will put the client at risk, given its role of data controller legally responsible vis-a-vis the EU regulatory authorities

The client may suspend or end any business relationships with the supplier

The client may urge the supplier to become GDPR compliant at short notice


GDPR becomes the opportunity for new business

Putting a GDPR policy in place will give a company visibility of its data patrimony

This will create a new asset in terms of the company’s financial value

An opportunity to create new business models and future cash-flows

How we support you ?

With our expertise in the fields of compliance and data, we will assist you in appointing your GDPR representative.


Data privacy
situation assessment

Performing personal data analysis, processing, technical mapping, data governance and risk identification.

Being your legal

Handling relations with EU regulating authorities, putting in place a legal framework and operational governance, and ongoing monitoring of data privacy compliance.

If necessary, we can also help you to implement the different processes and technical solutions within your company in order to guarantee a better quality in your personal data processing.

Are you interested in GDPR art.27 representation ?

If you are interested in this support offering, or if you would like more information, we would be happy to discuss it with you :

    Gestion des cookies