EU: What’s left of the GDPR’s one-stop-shop? CJEU clarifies the competences of non-lead data protection authorities

Authors: Heidi Waem, Simon Verschaeve

When the GDPR was adopted back in 2016, its new cooperation and consistency mechanism, coined as the one-stop-shop, was marketed as one of the major advancements that the GDPR would bring to organisations. Instead of having to engage with multiple local data protection authorities, controllers and processors established in the EU would be able to deal with only a single data protection authority (DPA) with respect to their cross-border processing activities. The mechanism is often seen as a counterbalance for the additional compliance burden for organisations that came along with the GDPR.

Este é um tópico de discussão auxiliar para a entrada original em