One-Stop-Shop Mechanism

The One-Stop-Shop (OSS) mechanism is a procedural framework established by the GDPR that allows companies operating in multiple EU member states to deal with a single lead supervisory authority for their cross-border data processing activities. This mechanism simplifies compliance by designating the supervisory authority in the member state where the company has its main establishment as the primary point of contact. The lead authority coordinates with other concerned supervisory authorities through the consistency mechanism when handling complaints, conducting investigations, or imposing penalties. For businesses, this means avoiding the complexity of dealing with 27+ different data protection authorities for the same processing activities. The OSS applies only to cross-border processing—if your processing activities affect data subjects in only one member state, you deal directly with that state's authority. To benefit from OSS, companies must clearly establish their main establishment, which is typically where central administration decisions about data processing are made.