Data protection is a constantly changing subject. In addition to the publication of certain decisions taken and  sanctions imposed by the regulatory authorities (See our article on the topic:, the EDPB recently put on line a register of decisions  adopted under Article 60 of the GDPR.


You can consult the register here:


What’s the concept? It’s still the same, to move towards a uniform application of the applicable personal data protection regulations. Thus, the entities involved in the cross-border processing of personal data can benefit from the “one-stop shop”, and deal with a single authority for all processing carried out in the European Economic Area. They call it a “Lead Supervisory Authority”.


The various supervisory authorities concerned thus collaborate among themselves and the Lead Supervisory Authority oversees the Transactions. You will find the competent supervisory authorities under the “CSA” tab in the register and the Lead Supervisory Authority under the “LSA” tab.

Why is it important? Because of a need for consistency, the reasoning and sanctions established should be similar in the various European Economic Area countries. Analysis of the decisions is thus an important source to further examine the texts and push their coming into compliance as close as possible to the baseline established by the supervisory authorities.


However, there is one caveat to keep in mind, in case of a dispute regarding a decision issued by a supervisory authority, it will be up to a judge to make the final determination.

Our teams advise on a daily basis digital market actors and are here to assist you:

Renaud Le Squeren
Avocat à la Cour
Héloïse Cuche
Senior Associate
Avocat à la Cour
Alison Front

By Héloïse CUCHE, Avocat.