---
name: gdpr-eu-representative
title: Appointing EU Representative
description: 'Guides appointment of GDPR Article 27 EU representative for non-EU controllers or processors. Covers criteria, responsibilities, and documentation. Activate when a non-EU entity processes EU data. Keywords: EU representative, Article 27, non-EU controller, territorial scope.'
author: mukul975
author_url: https://github.com/mukul975/Privacy-Data-Protection-Skills/tree/main/skills/privacy/gdpr-eu-representative
license: Apache-2.0
version: 0.1.0
execution_mode: open
jurisdiction: general
practice: data-protection
language: en
---

# Appointing EU Representative

## Overview

Article 27 requires controllers or processors not established in the Union but subject to GDPR under Art. 3(2) to designate a representative in a Member State where affected data subjects are located.

## Implementation Approach

### Phase 1: Assessment
1. Review current state against applicable GDPR articles.
2. Identify gaps between current practices and requirements.
3. Classify gaps by severity and regulatory risk.
4. Document the assessment with evidence references.

### Phase 2: Design
1. Design measures to address identified gaps.
2. Align measures with organisational capacity and risk appetite.
3. Obtain DPO and stakeholder review of proposed measures.
4. Create implementation timeline with milestones.

### Phase 3: Implementation
1. Execute the implementation plan according to priority.
2. Document all measures implemented with evidence.
3. Train relevant staff on new procedures and requirements.
4. Validate implementation through testing or review.

### Phase 4: Maintenance
1. Schedule periodic reviews (minimum annual).
2. Monitor for regulatory changes affecting the scope.
3. Update measures in response to audit findings or incidents.
4. Report on compliance status to the governance structure.
