Our IAPP certified privacy professionals are experienced in providing quality GDPR Art. 27 Representative services for international organizations.


Lionheart Squared Ltd is established in the UK. We provide GDPR Article 27 Representative services to organisations that:

  1. Offer goods or services to UK based individuals, or
  2. Monitor the behaviours of individuals within the UK

Our Experienced Representatives can
assist Organisations located outside the UK to: 

  • Comply with their obligations to nominate GDPR Representatives
  • Use their brand’s voice when communicating with UK based customers
  • Preserve their brand’s reputation with UK data protection authorities
  • Rely on knowledgeable data privacy professionals
  • Enhance compliance with their existing GDPR programmes
  • Leverage their existing cyber security and breach response capabilities
  • Supplement their cross border data transfer safeguard commitments
  • Disclose the name and contact details of your GDPR Representative in your privacy policies
  • Benefit from the convenience of the English language
  • Interact with a globally respected Information Commionser’s Office with expertise in handling complex issues
  • Connect with a global network of trusted specialists in data protection and privacy.


GDPR Representatives are designated in writing.

We enter into a written agreement that outlines the practical aspects of the relationship, including:

  • Naming the person to serve as client’s GDPR Art. 27 Representative
  • Indicating which languages will apply
  • Agreeing on responses the GDPR Art. 27 Representative is permitted to communicate on client’s behalf to data subjects and supervisory authorities
  • Providing the GDPR Art. 27 Representative’s contact details to facilitate timely communications with UK  data subjects and supervisory authorities
  • Permitting inclusion of the GDPR Art. 27 Rep’s contact details in client’s online privacy policy, cross-border data transfer agreements
  • Coordinating client’s GDPR Article 30 ‘Records of Processing Activities’ in response to requests from UK supervisory authorities
  • Cooperating with UK supervisory authorities, client’s legal counsel and related parties when responding to official letters or notices


Ttraditional data protection solutions.

Interim DPO
Schedule Interim DPO coverage during transition periods or for your DPO’s planned absences

Maturity Audits
Get an independent view of your organisation’s privacy compliance maturity level

Get help developing custom data privacy training for all your staff and customer-facing support services

Help Desk
Get access to extra privacy resources when you subscribe to our data privacy helpdesk service

Article 30 Register
Get help creating your obligatory data controller and processor ‘Records of Processing Activities’ relating to personal data of UK individuals

Get help with conducting Data Protection Impact Assessments (DPIA) and Legitimate Interests Assessments (LIA) to meet fundamental rights of UK individuals


    We will only use your contact information to respond to your inquiry about our services. Email us any time with ‘UNSUBSCRIBE’ in the subject line if you no longer want to hear from us.


    Our fees are based on a review of the client’s annual turnover, type/volume of personal data, processing locations, languages used to target and serve individuals, and other factors. We also consider demonstrable GDPR compliance steps taken by clients.

    The following plans include use of the GDPR Art. 27 Representative’s contact details, inbox monitoring, and responding to data subjects and supervisory authority inquiries. Our range of monthly fees* start at:

    • £ 49 to 89 ‘Essential’- Ideal for new start-ups processing limited personal data of individuals
    • £ 149 to 189 ‘Standard’ – Suitable for small companies processing personal data
    • £ 349 to 489 ‘Premium’- Popular with companies processing high volumes of personal data of individuals
    • ‘Custom’- Services are tailored for companies with complex data protection requirements including, processing large volumes of special categories of personal data, or monitoring the behaviours of individuals

    *Excludes VAT; and extra services (e.g., GDPR consulting, translations, records of processing activities creation, data breach response).

    Contact Us