Your EU Representative


  • The EU representative act on behalf of the controller or the processor and may be addressed by any supervisory authority
  • The EU representative should be explicitly designated by a written mandate;
  • The EU representative must be a trusted and experienced data protection firm, considering that responsibility or liability remains on controller/processor;
  • The EU representative shall be established in one of the Member States.

The GDPR Representative service is dedicated for non-EU based Clients with respect to obligations under the GDPR, pursuant to Art. 4(17). With the recent introduction of the GDPR, the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union (or not established in the Union, but in a place where Member State law applies by virtue of public international law) requires the designation of a representative in the Union. This obligation occurs in particular when the processing activities are related to:

  1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
  2. the monitoring of their behaviour as far as their behaviour takes place within the Union.
The GDPR asks that non-EU Companies shall identify a representative established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are. Therefore, thanks to the DPO Compliance Consulting office in Rome, Italy, extra-EU companies will fulfill GDPR requirements on EU representative, relying on a Group of experts which will supports non-EU firms to respect all obligations sets out by Art 27 of the GDPR, therefore:
  • Representing the controller or processor regarding their respective obligations under GDPR Regulation;
  • Maintaining a record of processing activities;
  • Cooperating with the supervisory authority on GDPR related issues.

Your DPO


  • DPO is necessary if Company’s core activities consist of processing operations with regular and systematic monitoring of data subjects on a large scale;
  • DPO is necessary if Company’s core activities consist of processing on a large scale of “sensitive” data;
  • A group of undertakings may appoint a single data protection officer;
  • The GDPR requires that the DPO shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices;
  • The DPO may be a staff member of the controller or processor, or be external, on the basis of a service contract.

DPO Compliance Consulting has the necessary expertise and knowledge on data protection law and practices capable to assist the controller or processor to monitor internal compliance with GDPR Regulation.
With the DPO Service the DPO Compliance Consulting supports Clients with all tasks provided for by data protection law:

  • Informing and advising the controller or the processor and the employees on GDPR compliance;
  • Monitoring compliance with GDPR Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data;
  • Advising on data protection impact assessments (DPIA);
  • Cooperating with the supervisory authority;
  • Acting as the contact point for the supervisory authority on issues relating to GDPR.


Your GDPR Consultancy Services

The DPO Compliance Consulting provides Clients with the tools to avoid risks related to sanctions on privacy issues provided for by the New European Regulation on personal data protection (GDPR).
With a highly specialized consultancy service in GDPR, DPO Compliance Consulting is focused on Accountability, Privacy-by-Default and Privacy-by-Design principles of GDPR, with a practical know-how, thanks to the experience and cross-disciplinary skills of its Consultants.
The DPO Compliance Consulting’s mission is to provide those means to maximize customer experience, from the collection of consent and the management of privacy notices to the adoption of the most appropriate security measures against cyber-attacks.
Among the tools of the DPO Compliance Consulting, Clients, whether in the position of Controller or Processor, will be able to rely on:

  • Data Protection Officer Service;
  • GDPR Representative service for extra-EU Companies;
  • Records of processing activities;
  • Data Protection Impact Assessments (DPIA);
  • Technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with GDPR (e.g., Physical and Cyber Security measures, Privacy Training, Privacy Procedures, Internal Audit);
  • Transparency (Privacy Policies);
  • Risk and GAP Analysis of personal data processing activities.

Discover more!

Contact us and try our online self-assessment to find out if the European Regulation on Personal Data (GDPR) applies to your organization!



* These fields are required.