Article 27 - EU Representation Application

This form is required to be completed by businesses which are seeking to engage the EU Representation or Representative Services of (GDPR Forensic Limited) to meet the requirements of Article 27 of the GDPR.

  1. Review our Collection Notice to understand what we will do with your Personal Data.

  2. Complete and submit this form - Ensure that you attach the Signed Section 7 from the Collection Notice.

  3. We will review your application, usually within 24 hours, and advise of the next steps or move to an agreement.

  4. When we send you the agreement ready to sign. You sign it and return it to us.

  5. Once your agreement is counter signed by us and returned to you, you will be directed to the payment page.

  6. Once your payment is received, we will generate your "Letter of Appointment", advise the UK ICO of your appointment as your EU Representative, and then send you the completed document package with Agreement and you will also receive a CC email to the UK ICO with the Letter of Appointment.

1. Primary Contact Details

Other Title

1.1 First Name / Forename

1.2 Last Name / Surname / Family Name

1.3 Email Address

1.4 Contact Telephone Number

2. Business Details

2. Business Details

2.1 Registered Business Name -OR- Trading Name

2.2 Business Registration Number

2.3 Registered (Operating) Country  / Region

2.3 Registered (Operating) Country  / Region

2.3a Date business Established?

2.4 Registered Business Address / Legal Address

2.5 If your business trades in a location or publishes that it trades in a location that is not the same as your business address above, provide the addresses that your business publishes as contact addresses. e.g. You have on your website that you trade in the USA, but you really only have a postal address from another service provider in that location. Once address per line.

2.6 Public website URL

2.7 Provide a detailed description of the business, what it makes or does?

2.7 Provide a detailed description of the business, what it makes or does?

2.8 Select the Legal Entity Type for your business?


2.10 Provide your annual global turnover for the registered entity in USD?


2.9 If you selected Other in 2.8, describe what other is in legal terms?

2.11 Describe how you take the majority of your payments?


3. Employees & Training

3. Employees & Training

3.1 Using the following definition, describe your staffing and employment arrangement. Full-Time (FTE): Work for you all the time and are permanent members of staff with all the benefits of other employees. Part-Time (PTE): Have similar entitlements to FTE's but don't work as many hours.  Contingent Employees: These are something like an Independent Contractor, however they may be more integrated with the business, they may have logins like FTE's and although they are Contractors, they are treated with higher duties or hold greater positions of trust. Independant Contractors: Totally freelance, they pay their own tax, they may invoice you rather than get a set wage. Provide a number next to each class of employee (Data Subject) or 0 for none.

3.2 Have the people above (the Employees, Executive, Managers, Contractors etc.) had any formal training in Data Privacy Handling.

Note: If you have completed the Data Privacy (GDPR)  For Non-EU Small Business and if you have successfully passed the BrainCert exam then select Yes, and provide your the email address on your that your exam results were set to. You will need this to receive your Small Business Data Privacy accreditation.

3.2(a) BrainCert Email Address

3.6 Describe the Data Privacy Training that you Employees and Contractors have done?

3.6 Describe the Data Privacy Training that you Employees and Contractors have done?

4. Data Privacy Compliance

4. Data Privacy Compliance


4.1 Provide details of your business Data Privacy Certifications, if any?

4.2 If you selected "Other" in 4.1, provide the details of other?

4.3 Has your website Privacy Policy (Statement) been reviewed and approved by a Data Privacy competent lawyer?


4.4 Does your business have on staff, or has your business engaged a fully qualified and certified DPO?

4.5 If your business has a DPO, as described in 4.4, provide the Certification or Qualification that your DPO has attained?

4.6 If 4.4 is Yes, provide the Full Name of your DPO?

4.6 If 4.4 is Yes, provide the Full Name of your DPO?

4.7 If 4.4 is Yes, provide the Full International Telephone of your DPO?

4.8 If 4.4 is Yes, provide the Email Address of your DPO?

5. Data Subject Touch Points

5.1 Provide the URL for your website Privacy Policy or Privacy Statement?

5.2 Has your website Privacy Policy (Statement) been reviewed and approved by a Data Privacy competent lawyer?

5.3 With regard to your Privacy Policy and the general operation of your business, has a Data Privacy Impact Assessment been carried out for the Collection, Use and Storage of Personal Data used in your business?

Upload a copy of the DPIA
Max File Size 15MB

5.4 If Yes in 5.3, upload a copy of the DPIA that you are referring to?

5.5 If No in 5.3, describe how you collect, use and store the Personal Data in your business?

5.6 Can any employee, contractor or other person that has not been trained to handle and manage Personal Data see the Personal Data?

5.7 How long will you retain Personal Data, once you have finished processing it?

5.8 Is the Personal Data subject to any formal Record Keeping process or procedure?

5.8 Is the Personal Data subject to any formal Record Keeping process or procedure?

5.9 Is the Personal Data used for Bulk Emailing? (There is nothing wrong with this practice as long as it is advised in the Collection Statement)

5.10 If Yes in 5.9, How often do you Process the Personal Data to produce a bulk mailing "Run"?

5.11 If Yes in 5.9, describe how you first obtained the Data Subject's consent for the Personal Data to be used this way?

5.12 If Yes in 5.9, do you provide an Unsubscribe option on the bulk email?

5.13 If Yes in 5.12, describe the Unsubscribe process?

5.14 Have you ever received email in response to a Bulk Mailing asking "How you got my details" or "Where did you get my email from" style questions?

5.15 Do you collect your own Personal Data directly from the individual Data Subjects?

5.16 Have you ever purchased Personal Data or do you practice the purchase of Personal Data. This includes by contractors directly engaged by you to canvas for Personal Data or scrape it from social media or other website? (This practice is still legal under GDPR law, it just needs to be advised to the Data Subjects correctly)

5.17 Is the purpose for which you Process Personal Data Lawful?

5.18 Do you share Personal Data with third Parties?

5.19 If Yes in 5.18, describe the services that the third parties provide with your Personal Data?

5.20 If Yes in 5.18, do you know if they are Data Privacy Compliant?

5.21 If Yes in 5.18, have they attested to any Data Privacy Certifications?

5.22 Under Data Privacy laws, you must ordinarily, only process the Personal Data of Data Subjects with consent. Have you planned to seek consent (or reaffirm consent) for EU residents to continue to use their Personal Data after the 25th of May 2018?

5.23 Other than an option to Unsubscribe from email lists, how will Data Subjects be able to exercise their Data Subject Rights with your business?

5.24 Is your business willing and prepared to accept the Data Privacy advice from the CPO or DPO's of GDPR Forensic Limited to assist in securing the Rights and Freedoms of Data Subjects?

6. Business Ownership

6.1 Business Owner or Director's Surname / Family Name

6.2 Business Owner or Director's First Name / Forename

6.3 Business Owner or Director's Email Address

6.4 Business Owner or Director's Telephone Number

6.5 Business Owner or Director's Residential or Home Address

7. Authority

7.1 Download the Collection Statement for this Data Subject Collection and Sign the Authority at the end of the form, and upload the entire signed form.

Upload File
Max File Size 15MB

Appendix 1

This information will become a part of your EU Representative Agreement if your application is successful. Please answer each one of these questions fully and as comprehensively as you can. 

A1. Details regarding the Processing of Personal Data of Data Subjects in the European Union (EU)?

A2. The Categories of Personal Data that are Processed are?

A3. The Purposes of the Processing are?

A4. Categories of Data Subjects?

A5. Recipients of the Personal Data?

A6. Types of Sensitive Data?

Need to know something? Send Us an Email:

ALL PRICES ON THIS WEBSITE ARE Euro € unless otherwise stated.

© 2016 - 2019 by GDPR Forensic Limited All Rights Reserved. 

The star logo and the DPO and CA Seals are Trademarks of GDPR Forensic Limited, unauthorised use is prohibited.

  • Facebook Social Icon
CA Certified Logo Device
DPO Certified Logo Device