GDPR & International Organisations

If you are multinational organisation, under GDPR you will be entitled to work with one Data Protection Authority and this will be referred to as a Lead Supervisory Authority (LSA), this will be your single regulatory body, the LSA should be in the country where they their main office, this will where your main administration offices are based or where decisions about data protection are made.

The LSA will then be responsible to regulate all matters of data protection for your organisation, although there may be times when you need to consult with other DPAs.

What you need to do?

Map out where your organisation makes its most significant decisions about data processing, this will help you determine your main establishment and your LSA.