EU Representative (Article 27 GDPR)

"The bad guys do not appoint Art.27 representatives"

These were the words used by Counsel recently in a High Court case regarding the role of Art. 27 representatives (Mr Baldo Sansó Rondón v LexisNexis Risk Solutions UK Limited [2021] EWHC 1427).


This has been the second case concerning Art 27 representatives in recent months, and is an area organisations need to be aware of following Brexit.


In another case in May 2021 the Dutch DPA imposed a fine of €525,000 on, a USA company for failing to appoint Art 27 representative. 


In a nutshell, if you want to continue to sell to your EU customers, or target EU customers after 31 December 2020, then you may need to appoint an EU representative.


In the aforementioned case, the judge stated – “The appointment of a representative an important signal that the controller is engaging with the GDPR, understands its scope provisions, and accepts the conditionalities it imposes on its access to data and data subjects. It signals, in other words, a recognition of the bargain involved: the burden to be shouldered for the benefit to be gained. It is … a signal of good intent.”


The Judge continued “…Data subjects are basically entitled to two things: to have their data processed in accordance with the duties imposed on controllers (compliance), and to know who is doing what with their data  in the first place (transparency).”


Don’t be a bad guy! Let us help with your Article 27 representative requirements.  You can call free (from anywhere) today by clicking the link below, or the widget on the bottom right of your screen.

Why SME Comply?

SME Comply can take the stress out of both of these obligations.  With a branches in England and Ireland we can offer EU or UK Representative services that are more than just a mailbox.

During onboarding we will dedicate time with your teams to obtain a high-level understanding of what personal data you process and your approach to compliance.

Our team of consultants and solicitors will support you in compiling your Record of Processing Activities (RoPA) pursuant to Article 30 of the GDPR, if you do not already have one.  We will assist with updating your Privacy Policy to include the EU or UK Representative contact details.

All packages include free monthly advice on generic data protection issues or rapid legal guidance on matters such as a data breach or data subject access requests.

To ensure continuity, all of this additional support will be provided via your named key point of contact (always a solicitor), who will be familiar with your business.

Our wide range of legal and business expertise allows us to bring knowledge to our interactions with regulators and individuals.

If more advice is needed then you will have access to SME Comply’s highly regarded data protection legal team will work in conjunction with your in-house data protection team to offer seamless advice tailored to your business needs, as a traditional legal services and via our usual engagement terms.

The GDPR applies to all companies processing the personal data of individuals residing in the EU, regardless of the company’s location, and regardless of whether the processing takes place in the EU or not.

Our EU and UK Representatives Packages

All packages include:


Don’t take our word for it. This review was left by a client using our representative service on Google Business Review:

“This is a very good professional service, very pleased with both service levels & price.”


(1-10 employee)


per annum


(11-50 employees) 


per annum


(51 to 250 employees)


per annum

UK Representative

(under 250 employees)

£ 360*

per annum

Both EU and UK Representative

Discounted fees for combined EU and UK Representative services

For over 250 employees please contact us for a bespoke quote.
* You must provide us with an up-to-date Record of Processing Activity (RoPA) upon sign-up.

In summary

Combine our Services

This service can be combined with any of our current services (excluding our Outsourced DPO service).


We are qualified privacy solicitors and Data Protection Officers, so you can feel reassured that these important obligations are being carried out professionally and diligently at all times.

Gain customer trust – customers will also feel reassured that you have appointed professionally qualified individuals to act on your behalf in the EU and UK. See for yourself – read our testimonials!

Ireland Office

Despite what you may hear, you do not need a representative in each EU country.  If you have customers/clients in Ireland then we can act as your EU Representative for the whole of the EU.

Other companies simply offer what is essentially a mailbox service in various EU countries. We don’t because it is not required!


Free monthly data protection advice included in price.

Access to our client data protection portal, including access to our popular GDPR e-learning course for your employees (with certificate upon successful completion).

Cost Effective

Our tailored solutions are competitively priced.

Get in touch

If you want to have a chat about our services then please submit a message below:


If you would like a chat about our services or you have over 250 staff please get in contact.
The personal information you provide in this form will be used by SME Comply to respond to your enquiry only and for no other reason.