The European Court of Justice (ECJ) has ruled:
Data of managing directors and other representatives of legal entities are protected under the General Data Protection Regulation (GDPR). The April 3, 2025 decision (Case C-710/23) clarifies a key point in data protection law—with significant implications for businesses.
The Case: Dispute Over Disclosure of Director Data
The ECJ had to decide whether information about the legal representative of a legal entity (name, signature, contact details) falls under the GDPR.
The Decision: Director Data Is Personal Data
Yes, says the court. If data relates to a natural person—regardless of their role—the GDPR applies. Publishing a director’s name, signature, or contact info is considered “processing of personal data” under Article 4(2) GDPR. The purpose of the disclosure (e.g., identifying who is authorized to act) doesn’t matter.
What Does This Mean for Businesses?
This ruling has major consequences:
- Director data is protected: Even representatives of legal entities enjoy full GDPR protection.
- GDPR-compliant processing required: Companies must process such data lawfully, inform the data subjects, and ensure their rights are respected.
- No exception for representatives: Being a company director doesn’t reduce one’s data protection rights.
FAQ: Director Data and the GDPR
What director data is covered by GDPR?
Any info linked to an identified or identifiable natural person—e.g., name, address, email, phone, birthdate.
What should companies keep in mind when processing director data?
They need a legal basis (e.g., consent, contract), must provide transparency, and respect data subject rights (access, rectification, erasure, etc.).
