Hintergrundgrafik intersoft consulting services AG
Skip to content

EU Representative

With expertise in data protection law and technical understanding, we are your representative in the EU.

Your benefits

Convince yourself of the benefits of a cooperation with us.

  • Special knowledge in GDPR

    We dealt with the General Data Protection Regulation at a very early stage and therefore have extensive specialized knowledge.

  • Pragmatic solutions

    Through many years of experience in different company types, industries, and structures, we offer practice-proven solutions.

  • Data protection and IT expertise

    The various qualifications of our consultants in data protection and information technology are unique in the industry.

Your EU representative in all matters relating to the GDPR

Contact person for data subjects and authorities

According to Article 27 (1) GDPR, companies need an EU representative if, as a controller or processor, either offer goods or services to data subjects or monitor the behaviour of data subjects in the Union, and are not established in the EU – but in a so-called third country. The EU representative acts as an additional contact person for supervisory authorities and data subjects within the EU. With the written appointment, he acts on behalf of the controller and must fulfil the tasks and obligations pursuant to Article 27 GDPR.

There are no specific requirements for the qualifications of the EU representative. However, he or she should have legal expertise in data protection law and a high level of technical understanding to be able to communicate with the supervisory authorities at eye level. Our consultants are lawyers with a great deal of expertise in European data protection law. With our wealth of knowledge and experience built up over decades, we ensure compliance in data protection while taking a very pragmatic approach. In the function of EU representative, we represent your interests in the European Union in compliance with European data protection regulations. We support you in fulfilling the obligations under Article 27 GDPR and, if requested, advise you on how to implement your business activities in the European Union in a data protection-compliant manner.

Professional partner in EU data protection

For many years, we have been advising companies in an international context and have contributed to ensuring compliance. As your EU representative, we support you in fulfilling your obligations under Article 27 GDPR within Europe. We know the tasks and obligations very well and act as an adequate contact point in all matters for supervisory authorities and data subjects. In doing so, we always consider the individual and structural circumstances of the company and bring them into line with compliance with the European requirements.

Our extensive experience in setting up a complaints management system for data subjects enables us to draw on established processes and best practices. We have extensive experience in communicating and dealing with supervisory authorities. We will maintain your records of processing activities and will also be happy to support you in creating the records in accordance with the requirements of Article 30 GDPR. For the implementation of these documentation requirements, you can use our data protection management software Guardileo, if required.

How we can support you as your EU representative

  • Fulfilling the position of an EU representative in accordance with Article 27 GDPR
  • Acting as a contact point for communication with supervisory authorities
  • Acting as a contact point for data subjects concerning all matters related to data protection
  • Addressing data subjects’ requests
  • Assisting in the preparation and maintenance of the record of processing activities
Hintergrundgrafik intersoft consulting services AG
You too can trust one of the leading service providers for data protection in Germany. Request an offer here

Frequently asked questions about the EU representative

We’ll tell you what you should know about the role of the EU representative.

A company must appoint an EU representative pursuant to Article 27 (1) GDPR if this company (i.e., the represented party) offers goods or services within the EU to data subjects or monitors their behaviour in the EU in accordance with the marketplace principle laid down in Article 3 (2) GDPR, but does not have an establishment in the EU, i.e., within the scope of the GDPR, but instead is established in a third country.

  • Accordingly, there must be a targeted processing of personal data of data subjects located in the EU, regardless of their nationality/legal status (Recital 14) and
  • the specific data processing must relate to the offering of goods or services (including free of charge) or behavioural monitoring in the EU.

Exceptions only apply in the case of occasional processing of personal data with low sensitivity, which does not result in a risk to the rights and freedoms of natural persons, or if the company is a public authority or body. If these exceptions do not apply, the designation of an EU representative is mandatory by law and therefore required. If the designation is not made despite the existence of the above-mentioned requirements, the competent supervisory authority may impose an administrative fine on the company in question.

The concrete tasks and duties of the representative result from Article 27 (4) GDPR in conjunction with. Recital 80 sentence 5 as well as from the contract with the represented party. Essentially, the EU representative shall act as a concrete contact point for data subjects as well as supervisory authorities. The following tasks and duties are essentially covered by this:

  • Maintaining and making available the records of processing activities in response to requests from supervisory authorities, insofar as these activities are subject to the responsibility of the representative. This includes processing activities for which the territorial scope of application is opened pursuant to Article 3 (2) GDPR (Article 30 GDPR).
  • Cooperation with the supervisory authority in the performance of its tasks (Article 31 GDPR).
  • Provision of all information required by the supervisory authority in the performance of its tasks (Article 58 (1) (a) GDPR). The supervisory authority may accordingly require the EU representative to provide the necessary information.
  • Additional contact point for the supervisory authority, data subjects, and, where applicable, other bodies for all issues relating to the processing of personal data, Article 27 (4) GDPR.
  • Pursuant to Section 44 (3) sentence 1 German Federal Data Protection Act, the representative is authorised to accept official service in civil court proceedings (only applies to actions brought by data subjects against the controller or processor).

The EU representative must be established in one of the EU Member States where the data processing takes place or where the data subjects are located. Pursuant to Article 27 (1) GDPR, the controller or processor, in cases pursuant to Article 3 (2), shall designate in writing a representative in the Union. In addition, the controller or processor shall expressly appoint the representative and instruct him or her in writing. The GDPR does not provide any further specific requirements regarding the duration of the designation, the possibility of revocation or termination.

In practice, the function of a representative in the Union may be exercised based on a service contract. The contract should regulate the responsibilities, tasks and powers incumbent on the EU representative under Article 27 GDPR. It is not necessary to inform the supervisory authorities about the EU representative. The EU representative should be named in the data protection information (Article 13, 14 GDPR) and in the records of processing activities.

Competence of more than 60 consultants

More than 60 consultants provide suitable solutions for your company. Meet some selected consultants here.

Listed below you will find certificates and memberships of the group of companies, which prove our high standards.

CIPP/E Certification

CIPP/E Certification

Consultants from intersoft consulting services AG have been certified as Certified Information Privacy Professionals (CIPP/E) by the International Association of Privacy Professionals (IAPP). The certificate is ANSI and ISO compliant (ISO 17024) and identifies the consultant as having recognized qualifications in the area of European data protection.

Cyber Security Council Germany e.V.

Cyber Security Council Germany e.V.

Cyber-Sicherheitsrat Deutschland e.V. is an association whose purpose is to promote the security of business and society in the age of digitalization and also to position itself as a pioneer internationally. Companies, authorities and political decision-makers shall be strengthened in the fight against cybercrime. As a member, intersoft consulting services AG is proactively involved and advises companies with great competence in the area of cyber security.

CIPM Certification

CIPM Certification

Consultants from intersoft consulting services AG have been certified as Certified Information Privacy Managers (CIPM) by the International Association of Privacy Professionals (IAPP). The CIPM is the only globally accredited certification in data privacy management and trains contact persons with a high level of expertise for day-to-day business in all aspects of data protection. The certification is also ISO accredited (ISO 17024:2012).

ISO 9001 certified

ISO 9001 certified

With the certification of its quality management according to ISO 9001, intersoft consulting services AG documents its efforts to continuously improve its services, processes and cost efficiency in order to further increase customer and employee satisfaction.
View certificate

Servicepoint Cybersecurity

Servicepoint Cybersecurity

intersoft consulting services AG is part of the security partnership Servicepoint Cybersecurity in Schleswig-Holstein. The Servicepoint Cybersecurity is an initiative of the independent organization of the digital economy DiWiSH. It provides a central and confidential point of contact for inquiries about preventive measures. In the event of imminent attacks, it helps to request specialized cybersecurity companies such as intersoft consulting services AG for support offers anonymously.

IAPP Corporate Member

IAPP Corporate Member

Through our corporate membership in the International Association of Privacy Professionals (IAPP), our consultants are interconnected with leading data protection and IT security experts worldwide. As an internationally recognized standard, IAPP signals a high level of trust and is gaining in importance due to the GDPR.

ISO 27001 certified

ISO 27001 certified

With the certification of its information security management system (ISMS) according to ISO 27001, intersoft consulting services AG documents its ability to maintain the confidentiality, integrity and availability of the information entrusted to it. Customers can thus rely on appropriate risk management.
View certificate

Cyber Security Practitioner

Cyber Security Practitioner

Several employees of intersoft consulting services AG are certified as Cyber Security Practitioner (CSP) by the Information Systems Audit and Control Association (ISACA). This is a certificate course in cooperation with the Alliance for Cyber Security from the German Federal Office for Information Security (BSI). This qualifies the employee as an expert in this field and enables him/her to perform a cyber security check to assess cyber security in companies and government agencies.

  • Fully qualified lawyers (2 state examinations), including attorneys with doctorates
  • Specialists in IT law, intellectual property law, copyright and media law, insurance law and social law
  • Master of Laws in IT law, media law, intellectual property law and industrial property law
  • Bachelor of Laws in information law and business law
  • TÜV‑certified data protection officers and data protection auditors
  • Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E)
  • IT‑Compliance Manager (ISACA) and Compliance Officer (TÜV)
  • Data Protection Officer following association criteria (BvD)
  • BSI certified audit team leader for ISO 27001 based on IT baseline protection and IS auditor
  • ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Implementer, ISO/IEC 27001 Practitioner
  • GIAC Certified Forensic Examiner, GIAC Advanced Smartphone Forensics, GIAC Reverse Engineering Malware, GIAC Cyber Threat Intelligence, GIAC Certified Incident Handler, GIAC Penetration Tester, GIAC Battlefield Forensics and Acquisition
  • IT Security Officer (TÜV)
  • Computer scientist and business information scientist
  • Master of Engineering IT Security and Forensics
  • Bachelor of Science General and Digital Forensics
  • Cyber Security Practitioner (ISACA), IT Information Security Practitioner (ISACA)


We advise hundreds of companies throughout Germany and are thus represented in all industries. This is only an excerpt of our references.

UN Refugee Agency
Schmitz Cargobull

Our locations

With branches throughout Germany, we are also represented in close proximity to you.

Contact us

Hintergrundgrafik intersoft consulting services AG
Julia Reiter
Sales Manager
We will gladly answer your questions or provide you with an individual offer. Request non-binding offer here