EDPB Guidelines on LSA

Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority

The guidelines focus on supporting entities with identifying a lead supervisory authority and discuss key concepts such as 'cross-border processing of personal data', 'lead supervisory authority', and 'main establishment'. The document outlines steps to identify the lead supervisory authority, discussing the main establishment for controllers, groups of undertakings, joint data controllers, and borderline cases, along with considerations for processors. Additional sections cover the role of the 'supervisory authority concerned', local processing, companies not established within the EU, and an annex with questions to assist in identifying the lead supervisory authority.