Within the entity, you can add a lead authority.

If you are an organization that carries out cross-border data processing, you can benefit from the "one-stop shop" mechanism for all processing activities on European territory.

This contact is the "lead" supervisory authority.

For example, CNIL is the lead authority for cross-border processing carried out by organizations:

• which have several establishments in the European Union and whose head office is located in France, if this establishment decides on the purposes and means of the cross-border processing;

• which have several establishments in the European Union, whose head office does not decide on the purposes and means of cross-border processing, but whose establishment which takes these decisions is located in France;

• have a single establishment in the European Union, located in France.

Is it compulsory?

No, it's not compulsory to designate a lead authority, nor to designate yourself to one. However, it is very useful for managing your compliance.

We recommend that you identify it. In particular, it will be useful to know which authority is to receive a data breach notification in the event of cross-border processing.