Leo offers EU Representative services to non-EEA and non-UK firms as required by Article 27 of the GDPR, in a convenient and efficient manner, enabling you to do business with European residents from any location in the world.
Leverage Leo’s experience of working with organisations in the e-commerce and financial sector, and Leo’s expertise in creating privacy compliance tools by adding Leo’s GDPR Governance Solution to comprehensively meet your GDPR obligations.
Do I need an EU and/or UK Representative according to Article 27 of the GDPR?
Firms based outside the EEA and/or the UK without an establishment in the EEA and/or the UK but offering services to individuals in the EEA and/or the UK (e.g. provision of a website in an EU language) or monitoring behaviour (e.g. cookie profiling), need to appoint a Representative in the EEA and/or the UK according to Article 27 of the GDPR.
Why should I care about a European regulation as a non-European company?
The GDPR extends its territorial scope beyond the territory of the EEA and of the UK and
therefore can be enforced on firms outside of Europe with potential fines of EUR 20 million or 4% of turnover whichever is greater.
Are there any Exemptions to Article 27?
Controllers and processors are exempt from the requirement to have a representative if all of the following criteria are met:
• Personal data is only processed occasionally (this is expected to be interpreted narrowly).
• The processing does not include large-scale data processing of special categories of personal data or personal data relating to criminal convictions and offences.
• The processing is unlikely to result in a risk to the rights and freedoms of the data subject.
