Article 56 of the GDPR: Rules applicable to the one-stop shop
Article 56 of the GDPR introduces the one-stop shop mechanism for cross-border processing. It designates one lead authority responsible for coordination between the different supervisory authorities concerned.
Article 56 of the GDPR explained
Where processing concerns several Member States, the competent supervisory authority is:
- That of the place of the main establishment of the data controller;
- Or that of its representative in the EU (for controllers not established in the EU).
This authority becomes the lead authority and acts in collaboration with the other authorities concerned. It coordinates decisions, conducts investigations, and submits its draft decisions to the European Data Protection Board (EDPB) if needed.
Why is this article important for your GDPR compliance?
This mechanism simplifies procedures for companies operating in several European countries: they have a single point of contact. It also guarantees consistency in the application of the GDPR at European level, avoiding contradictory decisions.
How to comply with Article 56 of the GDPR?
- Determine where your main establishment is located in the EU (this is the one that decides the purposes of the processing);
- Identify your lead authority (e.g. CNIL if your headquarters is in France);
- Document cross-border data flows and processing;
- Prepare your responses and procedures for interstate cooperation in the event of an audit.
Examples of application of Article 56 of the GDPR
- A company based in Paris but processing German and Spanish user data will be supervised by the CNIL;
- An American group operating in the EU appoints a representative in Belgium: the Belgian authority becomes the lead authority;
- The European Data Protection Board (EDPB) is contacted in the event of disagreement between several national authorities on the same matter.