Home Privacy Law GDPR Article 27 GDPR (Representatives of Controllers or Processors Not Established In The...

Article 27 GDPR (Representatives of Controllers or Processors Not Established In The Union)

Article 27 of GDPR: Foreign companies to designate a representative

Foreign companies located outside of the European Union but who process personal data of individuals located in the Europen Union must designate a representative in certain situations in accordance with Article 27 of GDPR.

Designating a representative (Article 27(1) GDPR)

When a foreign company outside of the European Union processes personal data of individuals located in the European Union related to the offering of goods and services or if they are monitoring the behaviour as far as it relates to their behaviour in the EU, then they must designate a representative in the Europen Union.

Exceptions to the obligation to designate a representative (Article 27(2) GDPR)

GDPR provides for some exceptions to when a foreign company acting as a data controller or data processor should designate a representative located in the European Union.

Article 27(2)(a) GDPR outlines the following exceptions based on the following conditions:

  1. When the data processing activity is only occasional
  2. Does not include, on a large scale, the processing of special categories of personal data 
  3. Does not include, on a large scale, the processing of personal data relating to criminal convictions and offences
  4. The data processing does not result in any likely risk to the individual’s rights and freedoms considering the nature, context, scope and purpose of the data processing.

Article 27(2) GDPR exempts public authorities and bodies as well.

Location of the representative (Article 27(3) GDPR)

The foreign data controllers or data processors must appoint a representative who is located in one of the EU countries where personal data is being processed in relation to the sale of their goods or service or with regards to the monitoring of individual behaviour.

Mandate of the representative (Article 27(4) GDPR)

Foreign companies who are required to appoint a representative located in the EU must provide their representative with the mandate to represent them before the supervisory authorities in addition to or instead of the foreign company on all issues relating to data processing and GDPR compliance.

Legal claims against foreign companies (Article 27(5) GDPR)

GDPR makes it clear that regardless of the appointment or designation of a representative in the EU, data controllers and data processors remain fully liable and accountable with respect to legal actions initiated against them.

Recitals applicable to Article 27 of GDPR

Relevant Recitals: 80

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 27 or relevant recitals

None

GDPR Text: Article 27 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)

Editorial Staff
Hello Nation! I'm a lawyer by trade and an entrepreneur by spirit. I specialize in law, business, marketing, and technology (and love it!). I'm an expert SEO and content marketer where I deeply enjoy writing content in highly competitive fields. On this blog, I share my experiences, knowledge, and provide you with golden nuggets of useful information. Enjoy!

Most Popular

Accelerated Bookbuild (Explained: All You Need To Know)

Accelerated Bookbuild (Explained: All You Need To Know)

Direct Public Offering (Explained: All You Need To Know)

Direct Public Offering (Explained: All You Need To Know)

What Is A Private Placement (Explained: All You Need To Know)

What Is A Private Placement (Explained: All You Need To Know)

Offering Memorandum (Explained: All You Need To Know)

Offering Memorandum (Explained: All You Need To Know)

Financial Services Industry (Explained: All You Need To Know)

Financial Services Industry (Explained: All You Need To Know)

Editor's Picks

What Does LLC Mean (Best Overview: All You Need To Know)

What Does LLC Mean (Best Overview: All You Need To Know)

Connecticut Secretary of State Business Search (Step-By-Step)

Connecticut Secretary of State Business Search (Step-By-Step)

How To Start A Business In Nevada [Step-By-Step Ultimate Guide]

How To Start A Business In Nevada [Step-By-Step Ultimate Guide]

Is Saturday A Business Day (Overview: All You Need To Know)

Is Saturday A Business Day (Overview: All You Need To Know)

Teenies (Financial Definition: All You Need To Know)

Teenies (Financial Definition: All You Need To Know)