A29WP Issues Guidance Addressing GDPR Woes: The Lead Supervisory Authority
In December 2016, the EU’s Article 29 Working Party (A29WP)—a group comprised of EU national data protection authorities (DPAs) that advises the EU Commission on EU data protection law—issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.
Why Should You Care?
Organizations that are subject to the GDPR’s broad scope and grappling with how to comply with the regulation finally have some guidance to refer to in implementing the GDPR’s provisions on data portability, the DPO’s role, and identifying the lead supervisory authority.
The Lead Supervisory Authority
As the final part of our series, the Guidelines for identifying the lead supervisory authority cover sections explaining the main considerations for identifying a lead supervisory authority and an annex that contains questions to guide organizations in performing the identification. Identifying a “lead supervisory authority” is only relevant where an organization is carrying out the “cross-border processing of personal data.”
*This alert was originally posted on Arent Fox's Behind the Scenes blog. To read this alert in its entirety, please click here.