§ GDPR · Article 27

GDPR Article 27: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 27 · All obligations · GDPR
At a glance
Article 27 of the GDPR imposes 3 obligations on controller or processor, representative.
§ Obligations

All obligations under Article 27

Obligation 1
The controller or processor shall designate in writing a representative in the Union where Article 3(2) applies. Regulation (EU) 2016/679, Article 27, Article 27
Obligated entity
controller or processor
Action required
designate
Deadline
Penalty
Exemptions
processing which is occasional, does not include large-scale processing of special categories of data or criminal convictions, and is unlikely to result in risk to rights and freedoms; or a public authority or body
Obligation 2
The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are. Regulation (EU) 2016/679, Article 27, Article 27
Obligated entity
representative
Action required
establish
Deadline
Penalty
Obligation 3
The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by supervisory authorities and data subjects on all issues related to processing. Regulation (EU) 2016/679, Article 27, Article 27
Obligated entity
controller or processor
Action required
mandate
Deadline
Penalty
§ Frequently asked

Questions about Article 27

Who must comply with Article 27 of the GDPR? +
controller or processor, representative.
What does Article 27 of the GDPR require? +
designate establish mandate
Need a cross-border briefing on GDPR Article 27?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles