- 1.
Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.
- 2.
The obligation laid down in paragraph 1 of this Article shall not apply to:
- a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
- b) a public authority or body.
- 3.
The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.
- 4.
The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
- 5.
The designation of a representative by the controller or processor shall be without prejudice to legal actions which could be initiated against the controller or the processor themselves.
GDPR Article EN
Article 27
Representatives of controllers or processors not established in the Union
Related across sources
Guidance Guidelines 05/2020 on consent under Regulation 2016/679 Guidance Guidelines 01/2022 on data subject rights - Right of access Guidance Guidelines 8/2022 on identifying a controller or processor's lead supervisory authority Guidance Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 9/2022 on personal data breach notification under GDPR