The photo shows a woman with long blond hair, wearing a white suit and smiling friendly into the camera.

GDPR EU Representative

for companies without an establishment in the EU


Arrange your free consultation appointment:

Book free online consultation

Go to contact form

Seal - iapp Bronze Member
Two ladies are sitting in front of a laptop, which is placed on a glass desk, and are discussing.

The need for an EU representative under the GDPR

The General Data Protection Regulation (GDPR) has a very broad scope. Companies with business activities in the EU can easily be subject to GDPR, even if they are not established in the EU.

The GDPR may already apply when a non-EU company offers goods or services to individuals in the EU or monitors their behaviour (e.g., using online analytic tools). In this case, the company must appoint a representative in the EU in accordance with Art. 27 GDPR.

Failure to comply may result in fines of up to EUR 10,000,000 or 2% f the company's global annual turnover; various data protection autorities have already imposed fines for failure to appoint an EU representative.



Wave as graphic

We have many years of expertise and know exactly what we are doing: DP-Dock was founded by two leading data protection lawyers and an experienced IT consultant. We have been one of the first companies offering EU GDPR representative services: since the GDPR came in force in 2018, we have been acting for international companies as their EU GDPR representative.

We serve as local point of contact for the EU on all issues related to the processing of personal data. With expertise and tact, we assist in communicating with - demanding - data subjects and data protection supervisory authorities.

In this team photo in the office, two women are smiling from the left, a man, another woman and again a man. They have different attitudes and seem very competent.


Roles & Duties of a GDPR EU-Representative

Wave as graphic
A man in a blue suit and pink shirt holds a smartphone to his ear and smiles. He has his gaze slightly downward. On the left, a large, slanted skylight.

Our role is particularly important for companies that are not based in the EU but target EU consumers, e.g. by selling goods or services to EU citizens or by monitoring their behaviour. A breach of the obligation to appoint an EU representative can result in heavy fines, up to €10 million or 2% of the company's annual worldwide revenue, whichever is higher.

The EU representative has several tasks and therefore provides several advantages to the company. The representative will act as a local contact for EU citizens and supervisory authorities and represent the non-EU company in relation to its GDPR compliance. The below requirements must be satisfied:

  • The EU representative must be appointed in writing.
  • The EU representative must act on behalf of the non-EU company and must therefore have representational authority.
  • The EU representative must maintain a processing directory (Article 30 GDPR).
  • The EU representative must be located in an EU member state in which persons affected by the company's actions are also located.


It is important to note that there are exceptions to the need to appoint an EU representative. This applies to cases where the data processing is only occasional, does not involve special categories of personal data and is unlikely to present a high risk to the rights and freedoms of data subjects. All of these conditions must be met at the same time, so it is uncommon for a non-EU company to be able to qualify for this exemption.


Client feedback about our data protection services

Wave as graphic
The view of the Port of Hamburg from above is breathtaking with the Elbphilharmonie in the background and a beautiful blu
Logo - Redbubble

(Data Protection Officer: DPO)
Redbubble Inc., 111 Sutter Street, 17th Floor, San Francisco, CA 94104, USA

„DP-Dock brings real value to privacy compliance with their professionalism, responsiveness and depth of experience advising global tech companies operating in Europe.”

Logo - Universal Tennis

(Data Protection Officer: DPO)
Universal Tennis, LLC, 525 University Avenue, Palo Alto, CA 94301, USA

„DP-Dock is our designated Art. 27 GDPR representative for many years – more recently they are, in addition, our external DPO: a decision we’ve been happy with. Their understanding of global trends in data privacy is remarkable – including the provision of awareness trainings for our employees across the globe.“

Logo - ottobock

(Data Protection Officer: DPO)
Ottobock SE & Co. KGaA, Max-Näder-Strasse 15, 37115 Duderstadt, Germany

DP-Dock is our external data protection officer. They work with us in a targeted and trustworthy manner in an environment where we have many locations around the world. We are fully satisfied with their service. They are pragmatic, solution-oriented, qualified and fast when needed."

Contact information

Schedule a free first consultation appointment
with our data protection experts

Wave as graphic
A man in a blue suit and pink shirt holds a smartphone to his ear and smiles. He has his gaze slightly downward. On the left, a large, slanted skylight.

Ballindamm 39
20095 Hamburg

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Expire in days 72
Privacy policy
Use Use without cookies
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again