How to Deal with the One-Stop-Shop

November 18, 2021

The 10th annual edition of the IAPP Europe Data Protection Conference in Brussels featured a session with Eliëtte Vaal and Vonne Laan of The Data Lawyers, on the One-Stop-Shop Mechanism (OSS) under the GDPR. The application of the OSS in practice has been met with some resistance and its scope seems unclear. This session aimed to bring more conceptual clarity and practical guidance.

The purpose of the One-Stop-Shop Mechanism (OSS) under the GDPR is to benefit organisations who engage in cross-border processing because they only would have to deal with one single supervisory authority. In practice however, the application of OSS has been met with resistance and its scope is unclear. In this session, the OSS mechanism and the legal uncertainty on how and when this mechanism applies under GDPR was clarified. The EDPB guidance and recent ECJ Opinion on this topic was also addressed.

Joining the session, Iris Koetsenruijter, Senior Officer International Investigations of the Dutch DPA, and Lejla Lagumdžija, DPO for Ernst & Young The Nederlands, provided a regulatory perspective and a business perspective, respectively, on the effectiveness of the OSS.

The IAPP Europe Data Protection Conference was held on 17 and 18 November 2021. More information on the next conference can be found clicking this link.