The General Data Protection Regulation can apply to organisations with no business presence in the EEA if they offer goods or services to individuals in the EEA, or if they monitor the behaviour of individuals in the EEA. In this situation, organisations must appoint a GDPR representative in a relevant member state. The representative’s role is to ensure that the organisation complies with the GDPR by enabling communication with individuals and data protection authorities in the EEA. Bird & Bird offers GDPR representative services through Bird & Bird GDPR Representative Services SRL.

What does the GDPR representative do?

The representative has to meet the specific requirements provided by the GDPR, as interpreted by the European Data Protection Board. Our GDPR representative will:

Mandatory requirements

  • Understand your approach to GDPR compliance
    • Dedicate time to understand your personal data processing activities and your approach to compliance.
    • Keep in touch with you so you're up to date with respective changes to EU rules on personal data processing.
  • Act on your behalf in the EEA
    • Be named in your privacy policy as a point of contact in the EEA.
    • Act on your behalf with European data protection supervisory authorities.
  • Maintain your record of processing activities (ROPA) as required by article 30 of the GDPR.

Optional services

  •  Provide you with our assessment of your state of compliance with the GDPR
    • In the first year, we can undertake an initial audit of your GDPR compliance, or review an existing audit to help you ensure you are in line with EU data protection requirements.
    • In the following years, we can run an annual high-level audit to ensure you remain compliant over time.

Our representative services are provided by a team of expert lawyers and compliance advisors, with in-depth experience of working with EU regulators and advising on GDPR compliance projects. The team also works closely with our top-ranked data privacy legal specialists, enabling us to provide you with the legal guidance needed to respond effectively to inquiries by supervisory authorities or more complex interactions with data subjects.

Comply with EU privacy laws and appoint your trusted data protection representative here >

Related materials and downloads

News & Events

  1. 0411-2019

    Article 27 Representative – do you need to appoint an EU Representative, a UK Representative or both?

    As Brexit uncertainty continues, organisations are still considering their options with respect to data protection in the event of a no-deal Brexit. A 'no-deal' Brexit will generate a number of data protection concerns ...