+49 (0) 89 20 300 64 22 Mon - Fri 09:00-18:00
+49 (0) 89 20 300 64 22 Mon - Fri 09:00-18:00
+49 (0) 89 20 300 64 22
Mon - Fri : 09:00-18:00

Do you need EU-Representative-Services?


Who is an EU Representative under Art. 27 of GDPR?

  • An EU-based designee of a non-EU establishment (Data Controller or Data Processor) that is subject to GDPR. EU Representative is the Controller’s or Processor’s contact person in respect of European privacy supervisors and data subjects in all matters relating to data processing, to ensure compliance with this GDPR.
  • An individual or corporation can play the role of an EU Representative.
  • The purpose of such representation is to enable the European data protection supervisory authorities to ensure compliance with the GDPR, by being able to control or supervise the activities of the non-EU establishments that are subject to the GDPR, through their respective representatives in the EU.


Are you subject to the GDPR?

  • All establishments in the EU are subject to the GDPR, irrespective of whether the establishment is the company’s head office or branch office or a representative, and irrespective of where the processing takes place.
  • A non-EU establishment is subject to the GDPR if it regularly undertakes one of the following activities:
  • the offering of goods or services, irrespective of whether a payment of the data subject is required, to data subjects in the EU; and/or
  • the monitoring of the behavior of data subjects in the EU, as far as their behavior takes place within the EU. This provision concerns any company that offers goods or services online to EU customers or uses cookies or similar technologies to track EU data subjects. Such establishments must comply with the GDPR and must designate an EU Representative.
  • Exception: A non-EU establishment is exempted from designating an EU Representative when the processing is only occasional and does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) GDPR or processing of personal data relating to criminal convictions and offences referred to in Article 10 GDPR, and such processing is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing. Non-EU public authorities and bodies are equally exempted (see Art. 27(2) GDPR).


Have only an affiliate company in the EU?

  • Unless the European affiliate of a non-EU establishment is a public body, or a branch or a “representation” in the EU, the non-EU establishment remains obliged to designate an EU Representative.
  • The non-EU establishment can choose to designate its EU affiliate as its Representative. However, this type of representation has some shortcomings.
  • The object of the EU affiliate may not be data protection, so it would be of little help to the non-EU affiliate.
  • EU Representation and the associated data protection activities may not fall within the scope of the company’s insured activities. Thirdly and lastly, giving advice and monitoring the activities of the non-EU company as well as cooperating with the European regulators on the latter’s behalf, may not fall within the scope of activities of the DPO of the European affiliate. Moreover, this may rather seem to be over-demanding, especially if the DPO is a natural person.

What if a data subject under GDPR fails to designate EU-Representative-Services?

  • It is worth noting that the GDPR, in force since 25 May 2018, is known for being the most rigorous privacy law on earth at the moment, particularly due to its heavy fines and its extraterritorial character. If a foreign company that is subject to the GDPR refuses to designate an EU Representative as required, then the former is infringing the GDPR and runs the risk of being imposed an administrative fine of up to ten million Euros (10 000 000 EUR) or up to 2 percent of a company’s total worldwide annual turnover of the preceding financial year, whichever is higher. Ignorance of the GDPR would not be an excuse, and the intentional or negligent (willful blindness) character of the infringement (failure to designate an EU Representative) may rather constitute aggravating factors. See Art. 83(1),(2)&(4a) GDPR. It is for these very reasons that most foreign companies are in a haste to designate their respective EU Representatives, and CPL is here to help you have one.


About Us

  • RAe Niedermeier – Law Firm GmbH (CYBERLEGIS) is an European Law Firm with headquarters in Munich Downtown, Germany.
  • CPL specializing in EU-Representative Services under Art. 27 of GDPR. The goal of CPL is to help its clients comply with European privacy laws and provide best practice under Art 27.


Why hire CPL as your EU Representative?

  • EFFICIENCY: CPL is since May 2018 a specialized provider for Art 27 GDPR services. We work down any request coming in 6 hours.
  • COST EFFECTIVE: At just EUR 333 net per month CPL provides premier EU-Representative-Services. Provinding a yearly EU REP GDPR Report on all inquiries from European Data Subjects
  • INSURANCE COVERAGE: Since all EU Representatives installed by CPL are specialized Privacy lawyers, the service comes along with a default liability of 1 Million Euros (with higher representation available at extra cost).
  • PROFESSIONALISM: CPL is sensitive to providing quality service to its clients. Thus, CPL designates only specialized Art. 27 GDPR Experts to act as EU Representatives or handle representation-related matters for the clients. When you choose the CPL, an expert with data privacy expertise is assigned to you.
  • ASSURED AVAILABILITY: In an effort to satisfy its clients, the designated EU Representative would be reachable not only from Monday to Friday (09:00h – 17:00h) via a team of English speaking secretaries, but equally at weekends via e-mail and cell phone. CPL has minimum 3 legal experts, working around the clock to assist the clients fulfill the GDPR requirements. Thus, at any given point in time, a CPL representative is always there to assist you with your requirements.

How do I designate CPL as my EU Representative?

Just email us at:  niedermeier@cyberlegis.legal

  • We will be happy to anywer all your question in a Zoom or WebEx meeting
  • We have standard document designating one of our expert Lawyers as your EU Representative. In this regard, you would receive a draft designation document, which you would print, sign, and send by post, in accordance with Art. 27(1) GDPR.

Robert Niedermeier CIPP/E CIPT CIPM FIP


Mobile:  +49 (0) 171 244 00 99

Our Flyer  – EU Representation Art 27 GDPR





Please connect with “RA Robert Niedermeier” on LinkedIN (www.linkedin.com/in/ra-robert-niedermeier) and stay tuned for our EU-Representative-Services, Presentations on the East (DC, Ralleigh) and West Coast (LA) in early 2020.