🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 55 of the GDPR: Competence of supervisory authorities

Home GDPR articles decrypted Article 55 of the GDPR: Competence of supervisory authorities

Article 55 of the GDPR: Competence of supervisory authorities

Article 55 of the GDPR defines the territorial jurisdiction of supervisory authorities in each Member State. It specifies in which cases an authority can intervene in matters of data protection, in particular when the processing is carried out on its territory.

Article 55 of the GDPR explained

Each supervisory authority is competent to:

  • Monitor the application of the GDPR in the territory of its Member State;
  • Intervene with data controllers or subcontractors established in this country;
  • Investigate and sanction processing carried out locally.

On the other hand, the national authorities are not competent in the context of cross-border processing, which falls under the one-stop shop (article 56).

Why is this article important for your GDPR compliance?

Knowing the competent authority allows you to’avoid notification or reporting errors, and to ensure that the procedures are addressed to the appropriate organization. This also ensures a rapid response adapted to the specific needs of the country.

How to comply with Article 55 of the GDPR?

  • Identify the competent authority based on your place of establishment or place of processing;
  • Follow applicable local procedures (e.g. notification, consent, audit);
  • In case of cross-border processing, prepare to cooperate under the single window mechanism (see Article 56).

Examples of application of Article 55 of the GDPR

  • A French company is controlled by the CNIL for its processing on national territory;
  • Spanish authority investigates Madrid-based subcontractor;
  • A German SME contacts its local authority to report an internal data breach.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

Request a demo with an expert

Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.

GDPR: Self-assess now

Other articles
on the same subject