Cross-border processing
Companies often have operations in several countries and personal data does not always stay in one country. An instance of personal data processing that has a connection to more than one member state of the EU is called cross-border processing.
If you as a data controller or data processor process personal data in several EU member states, you need to know which supervisory authority you are to have contact with. Your starting point is that you only need to be in contact with one supervisory authority, your so-called lead supervisory authority, for example if you are to report a personal data breach that has connections to several EU member states.
As a data subject you are always able to choose which country's supervisory authority you wish to contact, for example if you wish to complain about how a data controller has processed your personal data. The supervisory authority that you contact will be your contact point in the matter.
About the information on this page
If the information in English is different from the Swedish version of this page, the Swedish version applies.