This is the last in a series of 12 posts with some advice from the ICO on how to start preparing for the advent of the GDPR in May 2018.

If your organisation operates internationally, you should determine which data protection supervisory authority you come under.

The GDPR contains quite complex arrangements for working out which data protection supervisory authority takes the lead when investigating a complaint with an international aspect, for example where a data processing operation affects people in a number of Member States. Put simply, the lead authority is determined according to where your organisation has its main administration or where decisions about data processing are made. In a traditional headquarters (branches model), this is easy to determine. It is more difficult for complex, multi-site companies where decisions about different processing activities are taken in different places. In case of uncertainty over which supervisory authority is the lead for your organisation, it would be helpful for you to map out where your organisation makes its most significant decisions about data processing. This will help to determine your ‘main establishment’ and therefore your lead supervisory authority.

For more details go to the Information Commissioners Office here

Source: ICO – Preparing for the General Data Protection Regulation