Frequently Asked Questions

Do I need an EU-representative according to Art 27 GDPR?

Which companies need an EU representative?

Companies established outside the EU are required to appoint an EU representative according to Art 27 GDPR in the EU if they:

  • offer goods and services to individuals in the EU (e.g. providing a website in an EU language, offering payments in EUR) or

  • monitor their behaviour (e.g. cookie profiling).

Are there any exemptions from the obligation to appoint an EU representative?

According to Art 27 GDPR, controllers or processors are exempted from the regulation if all of the following criteria are met:

  • personal data is only processed occasionally,

  • data processing does not include large-scale processing of special categories of personal data or personal data relating to criminal convictions and offences, and

  • data processing is unlikely to result in a risk to the rights and freedoms of data subjects.

What are the responsibilities of the representative?

The representative shall act as a middleman between authorities and data subjects on the one hand and the processor and controller outside the EU on the other hand. The representative needs to be mandated by the controller or processor in writing to be addressed by supervisory authorities and data subjects on all privacy issues. Furthermore, the representative shall according to Art 30 GDPR maintain the records of processing activities and shall make the record available to the supervisory authority on request.

What fine may be imposed for non-compliance?

The GDPR extends its ‘territorial scope’ to controllers and processors having their registered office in a country outside of the EU. As a result, the exorbitantly high penalties of up to EUR 10 Mio or 2% of the worldwide annual turnover apply if a processor or a controller does not comply with the obligation of appointing an EU representative. The penalties may be enforced by individual claims or by authorities.

How can help me/my business?

Who is the law firm behind is a service provided by iuro Maetzler Rechtsanwaelte GmbH & Co KG attorneys at law, a law firm qualified in the European Union, located in Vienna. iuro specialises on data protection law and acts as data protection officer and representative for customers all over the world. The service has been created and continues to be improved by a team of lawyers, IT-security specialists and software developers.

What are the servicses provided by offers representation as a service complying with Art 27 GDPR. The basic service of contains:

  • an individual privacy landing page with a contact form for data subjects and authorities

  • a certificate of representation

  • unlimited forwarding of electronic requests from data subjects

  • unlimited forwarding of postal messages from data subjects

  • unlimited forwarding of requests from supervisory authorities

  • Individual bespoke legal services, especially answering requests by data subjects or authorities. Advisory or consulting services are not included in the SaaS solution but offered separately by iuro.

How can I appoint GDPR-Rep as my representative?

What is the process of appointing as EU representative?
The onboarding process is simple and can be completed in a couple of minutes:
  1. Create a Account and enter your company details. Your risk free 14 day trial period starts immediately.

  2. After registering, you will find a download button for the Power of Attorney (PoA). A signed PoA is required to evidence the appointment of as your representative in case of requests by data protection authorities. We kindly ask you to sign and upload your PoA.

  3. Our back office team will check and verify the provided information on your company and the PoA. This is usually done within a couple of hours.

  4. After the PoA has been approved, you have successfully appointed as your Art 27 representative. You can log in to your dashboard where you can find templates and information on what you can include in your homepage and privacy policy.

What are my payment options?

You can choose monthly, quarterly and yearly payment. You get a discount for the quarterly payment and an even higher discount for the yearly payment option. Please note that your options to terminate the subscription depend on the chosen payment period.

Furthermore, you can choose between paying with credit card or via bank transfer. We accept almost all credit cards and bank transfers in all major currencies: AUD - Australian Dollar,  EUR - Euro, GBP - Pounds Sterling, NZD - New Zealand Dollar, USD - US Dollar. Please contact our support team should you have further questions!

We are a group of companies. Do you offer special options for us?

Every separate entity requires representation according to Art 27 GDPR. Nevertheless, with the "medium-sized enterprise package" and the "large enterprise package" you have the option to sign up for a group package to manage the representation of your affiliates through one main account with sub-accounts for every affiliate. In the "medium-sized enterprise package", up to 5 entities are included. The "large enterprise package" offers unlimited entities. All included group entities must operate in the same industry, offer the same range of products and have the same or a linked brand.

How can I manage the representation?

What happens to incoming requests? filters processes and forwards requests according to formal criteria in compliance with GDPR requirements.

Does offer help with answering requests? is an automated SaaS solution provided by the iuro attorneys at law. iuro would be pleased to assist you in answering requests as individual bespoke legal service.

Is one of my processors and where can I find the data processing agreement?

In case individuals contact with requests addressed to you, is processing personal data for you. The data processing agreement for this type of processing is attached to your engagement letter which is provided to you during the onboarding process.

How can I manage more than one business?

Each of your companies has one account conveniently managed through your main account. Billing can either be centralized through your main account or done separately for each company.