Another supervisory authority

The personal data breach shall be notified to the supervisory authority in the country where you have your main establishment. In principle, your main establishment is where you have your central administration in the European Union.

However, if decisions on the purposes and means of the processing of personal data are taken in another establishment in the European Union, and that establishment has the power to have such decisions implemented, that is to be considered as your main establishment instead.