How to appoint an EU representative to comply with Article 27 of the GDPR

Do the right thing, build trust with your customers, and avoid regulatory fines. We simplify the process so you can comply in minutes.

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that applies to all organizations within the EU as well as those outside of the EU that offer goods and services to or monitor the behavior of EU residents. One of the requirements specific to organizations outside of the EU is the appointment of a representative within the EU per Article 27 of the GDPR. We cover the regulatory background in Part 2 of our GDPR compliance guide for online businesses outside of the European Union.

Here, we go through each step to appoint your EU representative in minutes with blucheq. If you have questions about any of the below steps, please write to support@blucheq.com for assistance.

Follow the steps below to appoint your EU representative, update your privacy policy with their contact information, and share your record of processing activities with them.

  1. Select your plan

  2. Create your account

  3. Sign your appointment letter

  4. Update your privacy policy

  5. Complete your record of processing activities

Select your plan

Go to blucheq.com and select a plan based on your expected usage.

We recommend most businesses start with our Essential plan. We have structured our plans such that even if your request volume spikes for a month, you will not need to upgrade plans until you exceed the quota for two months during your subscription period.

If you anticipate a large volume of requests or have complex data operations, we recommend you schedule a call to discuss an Enterprise plan customized to your needs.

After you select your plan, you will be asked to provide three pieces of information before creating your account:

  1. Company name and website URL

  2. Primary contact

  3. Payment details

Company name and website URL

In the first screen, specify your company name and website URL, which will be used to create your account and generate a legal agreement between you and your EU representative.

Primary contact

In the second screen, please specify the name and contact details of the individual that will be the signatory to the EU representation agreement. The email address you provide here will be the email address used for portal account creation.

Payment details

In the third screen, provide your credit card information to process your payment. If the billing address for the credit card is different than the address provided for your primary contact, uncheck "Use my billing address as card address" and input the correct billing address.

As a final step, you will confirm agreement to our terms of use and privacy policy. Once complete, you will be forwarded to the portal registration screen to create an account.

Create your account

In the registration screen, enter your email address to create an account to access our portal. Ensure this email address matches the email address you provided in the previous step.

If you receive an error message stating That email address is not permitted to register for this app, please double-check that you are using the same email address you provided as part of your payment details and that your payment was not rejected.

Follow the instructions in the subsequent email confirmation to complete your registration and login to the portal.

Sign your appointment letter

Follow the instructions in the email you receive to review and sign your EU representative appointment letter. After your EU representative countersigns your letter, you will receive an email notification, and your EU representative's contact information will appear in the Company tab of the portal.

Update your privacy policy

It is your responsibility to update your privacy policy with the name, physical address, and email address of your EU representative. Physical and electronic communications sent to your EU representative by national data protection authorities and EU data subjects will be copied to the email address of your primary contact (portal username).

Refer to our privacy policy template for businesses outside of the European Union to create your policy or double-check that you address the GDPR requirements specific to businesses outside of the EU.

Complete your records of processing activities

It is also your responsibility to keep your records of processing activities (ROPA) per Article 30 updated at all times in the event your EU representative is requested to share this information with a data protection authority. You can use the templates in the Resources tab to upload in the Records of Processing Activities section in the Company tab.

Click the Edit button on the top right of the screen in the Company tab, and you will be provided with options to upload ROPAs for your role(s) as a controller and processor. If you don't process personal data of EU residents on behalf of your clients, you only need a controller ROPA.

Refer to Part 3 of our GDPR compliance guide for online businesses outside of the European Union for the regulatory requirements related to completing your ROPA.

Disclaimer

The legal information in this article is provided for general informational and educational purposes only and is not a substitute for professional advice. Accordingly, before taking any actions based upon such information, we encourage you to consult with the appropriate professionals. We do not provide any kind of legal advice. The use or reliance of any information contained on this site is solely at your own risk. If you require legal assistance, blucheq can refer you to an attorney specializing in privacy laws and regulations.