The General Data Protection Regulation applies to all EU member states. Companies offering goods or services within the Union or observing the behaviour of those concerned are also included. It is independent of whether the persons are liable to pay (Art. 3 para. 2 EU GDPR). Thus, the General Data Protection Regulation also affects companies not established in the European Union.


  • Ensure GDPR compliance: Avoid high penalties and legal risks.
  • Competent contact partner: We offer comprehensive expertise in European data protection law.
  • All-round service: We also support you as a data protection officer with the necessary expertise. 


ePrivacy supports you as an EU representative to ensure a high level of data protection and to optimally implement your business models. We will act as a national representative for your customers in the EU in accordance with the GDPR. We offer long-term advice on all data protection issues.

EU Representative

  • EU representative and assumption of duties in accordance with the GDPR
  • We are available as a point of contact for data subjects and supervisory authorities
  • Further consultation within the framework of European data protection law (if desired)
Learn more about the EU Representative

High Expertise

  • Comprehensive expertise in European data protection law
  • Highly experienced in dealing with supervisory authorities
  • Official point of contact for authorities in the EU
Learn more

Representatives of controllers or processors not established in the Union

Article 27 of the General Data Protection Regulation explains how companies from non-EU countries appoint an EU representative for data protection. The EU Representative is the point of contact for the supervisory authorities and must be expressly appointed and instructed in writing. The representative must be established in one of the Member States in which the data processing is conducted.

The obligation to appoint a representative shall not apply, unless, for example, special categories of personal data are processed on a larger scale. Additional exceptions are mentioned in Article 27 (2).

Tasks of the Representative

The legal person appointed by a company has the obligations arising from the General Data Protection Regulation as the company's data controller or processor. Due to the responsibility of the companies, a person concerned or a supervisory authority can turn to the responsible person or contract processor in the non-EU country as well as to the EU Representative.

ePrivacy supports you as an representative in achieving a high level of data protection as a competitive advantage and so that you can implement your planned business models as far as possible. We are happy to provide you with long-term advice on all data protection issues.

Do you have questions or recommendations for us?

We are glad to receive your comments.