How to appoint an EU representative
Appointing an EU representative is a written, designated mandate — not just a forwarding address. Here are the practical steps from choosing a provider to updating your privacy policy.
Appointment is a written mandate, not a mailbox
Appointing an EU representative under Article 27 GDPR means designating a person or organisation in the EU, in writing, to act as your point of contact. Two things make the appointment real: a written mandate that authorises the representative, and publishing its details so data subjects and authorities can use it.
The steps
- Confirm you are in scope. Use the compliance checker or read when a representative is required.
- Choose a provider with real substance — a named EU representative, DSAR handling, and published pricing rather than a forwarding address.
- Sign the mandate. This is the written designation (a power of attorney) that authorises the representative to act on your behalf.
- Receive your details — the EU address and contact point you will publish.
- Update your privacy policy with the representative’s identity and contact details, using the snippet your provider supplies.
- Reference it in your Article 30 records and keep the designation on file.
What to publish in your privacy policy
Data subjects must be able to find the representative easily. A typical entry names the representative, gives the EU postal address, and provides an email or form for exercising rights. Usantis generates this for you and hosts a public compliance page you can link to, so the details stay accurate if anything changes.
Doing it with Usantis
The whole appointment is self-service and takes about ten minutes:
- Create an account and complete a short company profile
- Pass an automated sanctions check
- Sign the power of attorney that designates Usantis as your representative
- Copy the generated privacy-policy snippet and embed your trust badge
Frequently asked questions
Related guides
Exceptions — when you do not need one
The occasional-processing carve-out and the public-authority exemption, in plain English.
Data subject rights
The eight GDPR rights your representative receives requests for, and the response clock.
Data breach handling
The 72-hour notification duty and the representative’s role when something goes wrong.
Last updated 2026-05-23.
Get your EU representative in about ten minutes
$99/month, fully self-service, with DSAR handling and a hosted compliance page included.