Guest
GDPR - Supervisory Authorities
We are a business operating offices in the UK, Canada, US and Australia but each business is a separate legal entity. As far as GDPR is concerned, we collect PII from EU citizens in the UK and that data is sent to our US offices for further processing. That data may also be partially shared with our Australia and Canada offices. In terms of the types of Supervisory Authorities how do we determine where we need to have a Supervisory Authority, a Lead Supervisory Authority, and a Local Supervisory Authority? Do we need to just determine an SA only for the UK or since we’re transferring data to a 3rd country, do we also need to determine a Lead SA/Local SA?
Assign topic to the user
EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Andrei Hanganu
Dec 02, 2017
Answer:
In your case, based on provided description, since you only have one establishment in UK then the Supervisory Authority you will have to deal with is the UK Information Commissioner’s Office in terms of GDPR.
Comment as guest or Sign in
Dec 02, 2017
Dec 02, 2017
Dec 02, 2017