Global Data Protection Representation

Our highly competent and Industry Leading Global Data Protection Representation service is broader than that of just the EU and the GDPR...

Meeting your customer's expectation's and becoming Data Protection compliant is hard work. Your representative is usually the first point of contact for Regulators or Data Subjects. We make sure that you provide your customers with the best experience from the first step.


Our Global Data Protection Representative is a single service for all regions that require a Data Protection Representative - anywhere in the world.

Offering a highly competitive Global Data Protection Representation service, commonly referred to as GDPR (EU/UK)  Representative Services, and all the requirements to meet the EU and UK requirements of Article 27 of their respective GDPR, such as:

  • Local presence in the EU and UK

  • Multilingual support 

  • Immediate representation (of your business) to the necessary Supervisory Authority

  • Automated Processing Record Management

Our service includes multiple local contact points for your Data Subjects and Supervisory Authorities to call or fax and local addresses within EU countries, which include:

  • United Kingdom [1]

  • Italy

  • Spain

  • Germany

  • France

  • Luxembourg

  • Belgium

  • Ireland



Our high-speed digital postal services utilise advanced digital processing. This processing ensures that your official communications are available in your Global Data Protection Management System (GDPMS) - GRC instance within hours. If we receive a regulator (DPA/Supervisory Authority) request, we will also advise on a course of action that you may take to ensure that the regulator is satisfied.

All Data Subject Requests, such as requests to be forgotten, correction, access to data, and the like are managed efficiently and directly with your Data Subjects. All our representative packages include web-based forms to start a request process. Again, fully integrated with your hosted GDPMS - GRC instance. The GDPMS - GRC will process those requests for you based on predefined templates and processing rules considering the location of the Data Subject and applicable laws. Data Subject requests may be handled either electronically or using our Print 'n' Post response subject to the preference of the Data Subject [2]. The GDPMS - GRC can deliver the appropriate KYC (Know Your Customer) Identification request [3] automatically if configured to do so and required. Should a Data Subject opt for a traditional response, we can route and print your replies through our EU facilities to remain and post locally**. To help handle excessive Data Subject requests [4], the GDPMS - GRC has built-in fees and payment management facilities. As part of the audit process, the GDPMS - GRC maintains a register of Data Subject requests. It will automatically search and find prior Data Subject requests that have been made by the same Data Subject.

Additional Services Include in all Plans

Our Global Data Protection Representative plans are all-inclusive. They contain many unique features to further assist with compliance against all laws, not just those of the EU - all without extra cost (excluding services denoted with the **).

  • Annual Board Report of Data Protection activities undertaken in the prior 12 months.

  • Your own hosted GDPMS - GRC instance with Processing Register (for GDPR Article 30 compliance)

  • Free UNLIMITED Automated Real-Time Data Subject Request Management via the GDPMS - GRC.

  • Automated Regulator communications with same day processing*.

  • Additional local Data Subject and Regulator points of presence in (most businesses have data subjects in these locations too):

    • Australia​

    • United States

    • Canada

    • Singapore

    • China [ 5 ]

    • Brazil [ 5 ]

    • India [ 5 ]

    • South Africa [ 5 ]

  • Ongoing updates

Meeting global regulations requires constant upgrades to the GDPMS - GRC. Including international standards for record keeping​. Another focus is data protection laws and any amendments. Such as, EU (or other laws) where an EU Member State introduces new legislation (derogation) which may locally override the EU law.

  • Using our virtual Global DPO (vDPO) Pool to comply** -  our globally distributed vDPO pool can support your Data Protection Representative service. Focussing on the regions in which it operates. So ensuring that a US Company trading in the EU, China and say Australia is compliant and aware of all the relevant rules in those regions. Because we have a broad and diverse network, cultural issues and local customs are observed in native languages for each area. It also allows you to appoint a vDPO to work alongside your existing DPO or appoint a vDPO as an outsourced service without language or cultural barriers. (refer to the Virtual DPO for more information)

  • Data breach notification support and advice

    • With centralized Processing, distributed data subjects and a plethora of global laws, it is unlikely that any data breach will require notification to only one regulator. Regulations apply to the organisational ownership, registered location, processing location, and the data subject location. Under GDPR law (and others) you only have 72-hours to report a notifiable data breach.

    • Data Breaches come in many forms and can happen at any time. How you handle a data breach will inevitably determine the penalty you receive (this is not just for GDPR law).​ We are always available to help you manage a Security Incident 24 hours a day, seven days a week.

    • Our service is comprehensive, complete and includes

      • Data Breach Planning

      • Security Incident Management and Assistance

      • Data Breach Coaching and Training

      • Mock Security Incident staging (including management, engagement, response, lessons-learned, and refinement of processes to suit your organization.)

      • C-Suite Inclusion and Bridging 

    • We have established an International Hotline for our clients so they can act swiftly and concisely to minimize harm and restore customer confidence. We will talk you through the actions you need to take and put your Data Breach Plan into action - We become your Data Breach Leaders.

    • The GDPMS - GRC has built-in Security Incident Management and rules-based processing for more than 160 Regulator relationships around the world. Again, simplifying the whole reporting process.

    • We can create multi-lingual pop-up call centers within hours and handle concerned customer calls using a unique hot-line number to get advice about the data breach.** 

      • In the event of a data breach, ongoing communications about the status of the data breach are relayed to contact center operators. Allowing us to provide your customers with constant situation updates as the incident is resolved and they call in.

    • We can further assist with

      • Press Notices and Press Releases** 

        • Including a media watch and monitoring facilities to catch negative press and respond

      • Qualified Local Legal Support**

      • Virtual and On-Site Data Protection Officers**

      • Forensic Investigation**

      • Credit Reporting Agency notification (US Law)

Select Your Required Service Level from Our Data Protection Representative Service Plans

All the Items above without * or ** are included in your plan

1. Post BREXIT transition, the United Kingdom will become an "Additional Services" region. Under the UK GDPR, dealing with UK Citizens by organisations outside the UK will require a Data Protection Representative in the UK.

2. As described in Article 15(3) of the GDPR 679/2016

3. As described in Article 12(6) of the GDPR 679/2016

4. As described in Article 12(5)(a) of the GDPR 679/2016

5. Under Review based on current legislation and market influences (for determination by end of Q2 2019)

* Additional regulator communications are charged at € 20 per communication.

** Additional fees are applicable for this service.

Be the First to Know... Visit & Subscribe to our BLOG

Contact Us

This form is for general inquiries. If you are emailing about an existing case regarding a client that we represent, please reply to any of the email communications that you may have received from us about your matter. If you want to lodge a data subject request with a client that we represent, please visit the Data Subject Request form. You will need to know the Membership ID of the company that you would like to service your request. This information must be published on the contact page of our members website and in their Privacy Policy or Collection Statement.

If you wish to lodge a Data Subject Request regarding our service, our GDPMS ID is UK440000. Only use this code if the request is to be handled by us, that is information we have about you. If you would like to read our Privacy Policy and Collection Statement.










Maizieres Les Metz


Cirie TO



United Kingdom

71-75 Shelton Street

Covent Garden


+44 20 7442-5785

(207) 442-5785

United States

Suite 3377

304 S. Jones BLVD

Las Vegas NV 89107

+1 85 5577-8682

(US/Canada Toll-Free)








Full Service Regions


PO Box 834


NSW 2057

+61 4 6621-2726

(04) 6621-2726

Collection Statement & Privacy PolicyWebsite Cookie Policy | Support Desk

© 2010 - 2019 SPTG LLC, GDPR Forensic Limited. All rights reserved.

Data Protection*Services and are Trademarks of GDPR Forensic Limited (UK) and associated companies.

All prices on this website are EUR/EURO "€" unless otherwise stated.

The star logo and the DPO and CA seals are Trademarks of GDPR Forensic Limited,

unauthorised use is prohibited.