Skip to content

Another supervisory authority

As you have concluded that your main establishment is not in Sweden, Swedish Authority for Privacy Protection is not competent to act as lead supervisory authority in this case. You should therefore turn to another supervisory authority.

The personal data breach shall be notified to the supervisory authority in the country where you have your main establishment. In principle, your main establishment is where you have your central administration in the European Union.

However, if decisions on the purposes and means of the processing of personal data are taken in another establishment in the European Union, and that establishment has the power to have such decisions implemented, that is to be considered as your main establishment instead.


Latest update: 3 May 2021
Page labels Data protection