If your organisation Is established in a single Member State and you are only processing the personal data of data subjects within that same Member State, then the supervisory authority of that Member State is your supervisory authority.
If you are processing personal data because of some legal obligation or in the public interest or because official authority is vested in your organisation, the supervisory authority concerned shall be the supervisory authority.
Where cross-border processing occurs, you must establish who your lead supervisory authority is. Familiarise yourself with the concept of the 'one-stop-shop'
With a group of undertakings it is usual that its headquarters are deemed to assume overall control ergo, its main establishment. And the supervisory authority of the main establishment acts as lead supervisory authority.
Controllers not established in the EU must deal with local supervisory authorities in every Member State they are active in, through their local representative.
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018