European Union: Published EDPB Version 2 of Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority

On 17 April 2023, the European Data Protection Board (EDPB) published Version 2 of the “Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority”. The Guidelines highlight the importance of identifying a lead supervisory authority where a controller or processor is carrying out cross-border processing of personal data as defined in Article 4(23) of the GDPR. The Guidelines define “lead supervisory authority” as the authority with the primary responsibility for dealing with a cross-border data processing activity. In particular, the Guidelines outline the criteria to identify the lead supervisory authority, including through the location of their “main establishment” or “single establishment”.