Data Protection Services at KINAST

EU Representative

If you are a company that does business in Europe, but you have no physical presence there, you may be unaware of the legal requirement to appoint an EU Representative. If your company falls into this category, it is important to take action now to avoid any legal penalties down the road.

Top 5 Law Firm in Germany

The purpose of an EU Representative

The General Data Protection Regulation (GDPR) has been a major change for all european businesses and organizations to deal with, and it’s been no easy task. But the GDPR doesn’t only effect businesses based in the European Union. To ensure the privacy of european citizens, international businesses doing business in Europe also need to adhere to certain european privacy laws.

One of the key aspects of the GDPR, requires data processors and controllers outside the European Union to guarantee European authorities access to any records maintained through doing business within Europe.

Having an EU Representative serves an important purpose: it allows for quick communication between yourself and officials from multiple european countries who may have questions about what actions, if any, should be taken against them when engaging internationally (or within their own country).

Perfectly placed to act as your EU Representative.

With our main offices located in Germany - the birthplace of GDPR law and with more european borders than another other EU member - our legal practice has it's roots in the very heart of Europe.

EU Representative for international businesses

Our Consultation Process

Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.

We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.

Document the current data protection status and define further required actions if necessary.

We carry out all necessary measures identified during the data protection audit.

Designation as External data protection officer and on-going consultation starting from day 1.

It is important to note, that an EU Representative is not the same as a Data Protection Officer. Just because you already have your own DPO, in your own country, it doesn't mean you are adequatly represented within the European Union.

Which qualifications does an EU Representative need?

An EU representative, appointed by an international organisation, does not officially need to hold specific qualifications in order to perform the duties required. Despite this, it is strongly recommended that organisations appoint qualified Data Protection Lawyers or privacy professionals. It is essential that your EU Representative has previous experience in interacting with the european supervisory authorities and handling data subject requests. This will help to minimise non-compliant data handling and the subsequent consequences for not meeting european data protection standards.

What choose KINAST as your EU Representative?

Due to the increased fines, the obligation to report to authorities and potential loss of reputation, it is becoming increasingly important for companies to obtain knowledgable and legally correct advice on Data Protection Law. Based on our qualifications and our proven concept, we ensure future proof data protection in your company. As your External DPO we guarantee a long term, sustainable solution and minimize the risk of liability.


We are an experienced team of lawyers with many years of experience and knowledge in data protection law, data security and as DPOs.

Practical experience

Due to many years of practical experience we know companies "from the inside". In colloquial terms, you should be able to "live what we advise".

IT affinity

Regardless of existing or new IT systems, our attorneys have a profound technical understanding and advise you accordingly.

Cost transparency

We work on the basis of fixed hourly contingents, keeping pricing simple and managable.

Guaranteed legality

We are not only outstanding data protector officers, but also experienced lawyers.

Individual solutions

We do not work "off the peg", but offer tailor-made concepts, specifically for your business.

Efficient organisation und communication

Our soluitions lay high priority on open communication, transparent project management and defined goals.

Drafting of legal documents

We draft guidelines, work instructions, operating and service agreements, declarations of consent and commitment, lists of procedures and contracts on a daily business.

Personality and continuity

We do not provide you with just any resource, but with the right colleague for you – permanently and without unpleasant changes.

EU Representative - Legal Services in Europe
KINAST Attorney at Law - Your EU Representative
EU Representative - Legal Services at KINAST
GDPR - EU Representative

Choose KINAST Attorneys at Law as your EU Representative.

We have a long history of providing legal services to international companies doing business in Europe and we are long standing experts in data protection law. As your EU Representative we will ensure that your company is compliant with GDPR privacy laws and that you continue to do business with European clients without any interruption or penalties.

Send this page to a colleague?


Frequently asked questions

We understand that many clients still have questions about the services and duties of an External Data Protection Officer. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.

If you are in business with European clients and you are not located in a member state of the EU, you are in need of an EU Representative. This is often the case for retailers outside of the EU that ship to the EU and target European customers.
With regard to Art. 27 (2) GDPR, an EU Representative is not needed in the following cases:
occasional data processing on a minor scale, excluding special data categories as referred to in Art. 9 (1) GDPR or personal data relating to criminal convictions and offences referred to in Art. 10 GDPR, which is unlikely to result in a risk to the rights and freedoms of natural persons,
⦁ processing by a public authority or body.

It is mandatory to appoint a DPO:

  • where the processing is carried out by a public authority or body,
  • where the core activity of the controller or processor is to carry out processing operations which, by their nature, scale and/or purposes, require extensive, regular and systematic supervision of data subjects, or
  • where the core activity of the controller or processor is the processing on a large scale of special categories of data as referred to in Art. 9 GDPR or of personal data relating to criminal convictions and offences as referred to in Art. 10 GDPR.
    For example in Germany, according to § 38 Federal Data Protection Act (BDSG), a DPO must be appointed if:
  • as a general rule, at least 20 persons are permanently involved in the automated processing of personal data,
  • the controller or the processor is subject to a DPIA pursuant to Art. 35 GDPR, or
  • personal data are processed for the purpose of transmission, anonymous transmission or for purposes of market and opinion research.

The EU Representative can be any natural or legal person and should, according to Art. 27 (3) GDPR, be established in one of the member states where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behaviour is monitored, are.

No, the EU Representative does not have to be part of your entity. The EU Representative can be an external service provider. Organisations such as law firms, consultancies or private companies based in the respective member state where the business is carried out can be elected to serve as an EU Representative for your company.
A knowledge of the respective member state language and a specific understanding of the data protection law is recommendable.

Ask us for a quote

Please provide our team with a few details about your company. This makes it easier for us to assign the correct expert for your needs

Let's talk

Simply leave your details here and one of our lawyers or data protection experts will get back to you as soon as possible.

Media enquiries

Simply leave your details here and one of our marketing team will get back to you soon.

Partnership enquiries

Simply leave your details here and one of our marketing team will get back to you soon.