EU Representative (GDPR Art. 27)
EU Representative service for entities established outside the EU that are required to designate one under the GDPR. Acting as the point of contact for any national supervisory authority in the European Union and managing proceedings and communications relating to data protection.
How we work
Our methodology for this service
Assessment of the designation obligation
We analyse whether the non-EU-established organisation is required to designate a Representative under Article 27 GDPR based on its activity, the volume and nature of data processed.
Formalising the designation
We formalise the designation through the required written agreement, defining the scope of the mandate, the Representative's responsibilities and coordination mechanisms with the designating organisation.
Acting as the point of contact in the EU
We act as the point of contact for supervisory authorities in all EU Member States, managing communications, information requests and proceedings in the area of data protection.
Handling data subject requests
We channel European data subjects' requests to the designating organisation, coordinate responses within GDPR deadlines and maintain records of all actions taken.
Who this is for
Companies established outside the European Union — particularly in the United States, United Kingdom, Latin America and Asia — that offer goods or services to European citizens or monitor their behaviour, and that are required to designate an EU Representative under Article 27 GDPR.
Discover more by sector
Why MES Legal?
- Specialist lawyers with proven expertise in each practice area
- Offices in Barcelona and Madrid with national coverage throughout Spain
- Results-oriented, practical approach with clear risk management
- Direct professional relationship — no large-firm layers or intermediaries
Other services in this area
-
GDPR and LOPDGDD implementation
Design and implementation of a data protection policy tailored to the client's operational reality, whatever their sector: commercial, financial, real estate, healthcare, educational, legal, technology or industrial. Preparation of all documentation required for effective and proportionate compliance.
-
Privacy legal and contractual documentation
Drafting and review of data processing agreements, information notices, privacy policies, legal disclaimers, internal protocols and other legal and organisational documents required for the client's activity.
-
Records of Processing Activities (RoPA)
Preparation, review and ongoing maintenance of the Records of Processing Activities, ensuring it accurately reflects the processing carried out by the entity and remains aligned with the evolution of its operations and regulatory obligations.
-
Risk analysis and Data Protection Impact Assessments (DPIA)
Audits, risk analyses and Data Protection Impact Assessments for processing operations that may significantly affect individuals' rights and freedoms. Identification of vulnerabilities and corrective measures to anticipate contingencies and strengthen compliance.