We are a business operating offices in the UK, Canada, US and Australia but each business is a separate legal entity. As far as GDPR is concerned, we collect PII from EU citizens in the UK and that data is sent to our US offices for further processing. That data may also be partially shared with our Australia and Canada offices. In terms of the types of Supervisory Authorities how do we determine where we need to have a Supervisory Authority, a Lead Supervisory Authority, and a Local Supervisory Authority? Do we need to just determine an SA only for the UK or since we’re transferring data to a 3rd country, do we also need to determine a Lead SA/Local SA?
In your case, based on provided description, since you only have one establishment in UK then the Supervisory Authority you will have to deal with is the UK Information Commissioner’s Office in terms of GDPR.