European Union: Adopted Guidelines 03/2021 on the application of Article 65(1)(a) GDPR on dispute resolution

On 24 May 2023, the European Data Protection Board (EDPB) issued guidelines on the application of Article 65(1)(a) of the General Data Protection Regulation (GDPR). Article 65(1)(a) of the GDPR mandates the EDPB to make a binding decision when a Lead Supervisory Authority (LSA) doesn't adhere to a significant and reasoned objection from a Concerned Supervisory Authority (CSA). The mechanism is designed to resolve disagreements among LSAs and CSAs. Further, it aims to ensure consistent GDPR application in cross-border data processing cases. Under the one-stop-shop mechanism for such processing, the LSA acts as the single point of contact for the data controller and would lead the investigation into GDPR compliance. The guidelines provide information on the EDPB process for adopting a binding decision, legal framework and outline the applicable procedural safeguards and remedies.