Lead Supervisory Authority

Under GDPR's one-stop-shop mechanism, the data protection authority responsible for acting as the primary supervisor for an organization conducting cross-border processing in multiple EU member states. The lead supervisory authority is typically the DPA where the organization has its main establishment in the EU. This mechanism simplifies compliance for multi-national organizations by providing a single point of contact rather than coordinating with multiple authorities. The lead authority handles complaints, conducts investigations, issues decisions, and coordinates with other concerned supervisory authorities through the consistency mechanism. However, other authorities retain certain powers, particularly for local processing and urgent situations. Organizations should identify their lead supervisory authority, establish relationships with the lead authority, understand that cooperation with other authorities may still be required, and recognize that the lead authority coordinates but doesn't exclude other authorities entirely. The one-stop-shop reduces regulatory fragmentation while maintaining protection standards.