Who is an authorised representative for the GDPR?

The GDPR requires organisations that process personal data of individuals located in the EU & UK to appoint an AR.

Who is an authorised representative for the GDPR?
Who is an authorised representative for the GDPR?
Clive Mackintosh
August 1, 2023
GDPR

An authorised representative (AR) is a person or organisation appointed by a non-EU or UK organisation to act on its behalf in relation to the General Data Protection Regulation (GDPR). The AR's role is to liaise with data protection authorities (DPAs) and data subjects in the EU, and to ensure that the non-EU and or UK organisation complies with the GDPR.

The GDPR requires organisations that process personal data of individuals located in the EU and UK to appoint a GDPR representative/ AR if they are not themselves established in the EU or UK. This requirement applies to both data controllers and data processors.


A data controller is an organisation that determines the purposes and means of processing personal data. A data processor is an organisation
that processes personal data on behalf of a data controller.

The AR must be established in the EU and or UK and must be able to communicate effectively with DPAs and data subjects in the EU and UK. The AR must also have the necessary expertise to assist the non-EU and or UK organisation in complying with the GDPR.

The AR's responsibilities include:

  • Receiving and responding to inquiries from DPAs and data subjects.
  • Ensuring that the non-EU organization complies with the GDPR.
  • Representing the non-EU and or UK organisation maintain a record
    of its data process activities.

The AR must be appointed in writing and the appointment must be made in a way that is enforceable. The appointment should also specify the AR's
powers and responsibilities. The AR can be an individual or an organisation. The AR can be a lawyer, a consultant, or a company that specialises in data protection. The choice of
AR will depend on the specific needs of the non-EU or UK organisation.

Appointment of an AR is an important requirement of the GDPR for organisations that process personal data of individuals located in the EU and UK. The AR will play a key role in ensuring that the organisation complies with the GDPR and that data subjects can exercise their rights.

Appointing an authorised representative

For more information on appointing an authorised representative, either EU, UK, or both schedule a no-commitment call with a GDPR expert today, or get a quote to understand how our value pricing makes compliance and representation services simple.

GDPR Representative Services


Who is an authorised representative for the GDPR?

Clive Mackintosh

Founder, Data Protection & Cyber Security Lawyer

Founder & International Data Representative

Latest articles

Browse all articles
The rise in data breaches under the spotlight - Part 1. Implications on organisations
The rise in data breaches under the spotlight - Part 1. Implications on organisations
Data Breach

The rise in data breaches under the spotlight - Part 1. Implications on organisations

Clive Mackintosh
July 1, 2022
New European Union Data Protection Laws in 2024
New European Union Data Protection Laws in 2024
Data Protection

New European Union Data Protection Laws in 2024

Clive Mackintosh
July 1, 2022
We use cookies on our site.
GDPREP.ORG would like to use performance and analytic cookies while you visit and browse our site to improve your experience. This means we may collect some of your data and you can read more about our use of cookies here. You can withdraw your consent at any time by emailing us at: clive@gdprep.org. View our Cookie Policy for more information.
DenyAccept
Cookies