Our new Data Protection and Privacy Support Portal "PrivacyAssist" in now available. Learn More!
Article 27

What is Article 27 as a Service?

Your very own PrivacyEngine Data Protection Consultant acts as your point of contact between the data protection authorities in the EU and you! Schedule a call today to speak with a consultant.
Let's get to work...
Article 27 of the GDPR by PrivacyEngine
Do you need EU representation?

Download your Article 27 Checklist

Complete this quick exercise. This checklist will help you establish whether or not you need Nominated Representative is needed.

Download Article 27 Checklist.

Article 27 Brochure Front Page
Download the Brochure

PrivacyEngine's Article 27 Service Brochure

Here’s the low down on what exactly is included in PrivacyEngine’s Article 27 Representation service. We can’t wait to get started!

Download PrivacyEngine Article 27 Brochure Here.

Sign Up
Get Started

Let's get to work. Sign Up Here


PrivacyEngine SAR Consultants
THE SERVICE

See how our friendly consultants can help you

Article 27 states that if a business or entity based outside the EU offers goods or services to, or monitors the behavior of, individuals in the EU, they must appoint a representative in one of the EU member states where the data subjects are located.

Frequently Asked Questions

about Article 27

What is a Nominated EU Representative?

The Nominated Representative ensures there is a mechanism in place for Data Subjects and Supervisory Authorities to easily communicate, access and request any Personal Data and Processing Activities of an Organization outside Europe.

What do you need from us?

All we require to complete the service is a designated point of contact within your organization to liaise with. If your organization does not currently maintain a Record of Processing Activities (RoPA), we can assist in creating one.

Does it matter which Member State my Nominated Representative is based?

Essentially, no. There is no regulatory requirement enforcing Nominated Representatives to be based in a specific EU Member State.

Is appointing a Data Protection Officer (DPO) the same as appointing a representative under Article 27?

No, these are distinct requirements. While a DPO is required in certain situations under Article 37, appointing a representative under Article 27 specifically applies to non-EU organizations that process EU residents’ data.

Do you deal with any Data Subject Request independently?

No, we act as a conduit between European Data Subjects and your Organization. Any request received by your Nominated Representative will be passed to you to deal with, alongside any queries from any Supervisory Authority.

How does PrivacyEngine achieve transparency with you?

We will set you up with an Article 27 PrivacyEngine license. Through this license there is a ‘Group Chat’ feature which your Nominated Representative will primarily contact you through.

Alongside this, we have Mandatory Logs available within the Platform, we will have a shared Data Subjects Rights log that your Nominated Representative will fulfil, and your Data Champions will have access to, in order to see real-time activities.

Similarly, we will have a Supervisory Authority Communications log that your Nominated Representative will input any queries from Supervisory Authorities for you and your team to refer to at any stage.

Do I really need a Nominated Representative?

Article 27 of the General Data Protection Regulation states that if you Organization is not established within Europe (or the EEA) and are:

  1. Offering good or services to individuals in Europe
  2. Monitoring the behaviour of individuals in Europe

Then you need a Nominated Representative.

If you do not fulfil the Article 27 criteria of appointing a Nominated Representative, your Organization can be fined up to 10 million Euro or 2% of your global turnover (whichever is more).

What classifies as monitoring behaviour?

Anything you do that involves automated analysis or behavioural predictions of individuals (movements, personal preferences, health, economic situation etc).

How often do we speak to our Nominated Representative?

Usually, we would recommend Quarterly meetings at a minimum, however if you feel as though you would like more regular meetings just let us know!

Why choose PrivacyEngine as your GDPR Representative

  • Benefit from the knowledge of our seasoned data protection practitioners and consultants.
  • We provide comprehensive guidance on compliance with GDPR.
  • We communicate with the Information Commissioner’s Office and other parties on your behalf, simplifying the compliance process.

The Benefits

  • - PrivacyEngine becomes your designated EU representative
  • - We act as point of contact between the data protection authorities and you!
  • - Access to GDPR expertise on demand through our support team
  • - Understand your data flows and the cross-border implications for international transfers
Two young professionals handshaking

““We are particularly impressed with the outstanding levels of direct support and assistance provided by the great team at PrivacyEngine.””

Fiachra Barrett

Information Compliance Officer, SEAI Ireland

Small Blue Dots Big Circle Blue Dot Right Icon Dots
Trusted by hundreds of businesses worldwide
Schedule a Consultation
Saab Logo
Hush Logo
Certa Ireland Logo
Seal Logo
Corinthia Logo