Certified Information Privacy Professional – Europe (CIPP/E) — Question 252

Pursuant to the EDPB Guidelines 8/2022, all of the following criteria must be considered when identifying a lead supervisory authority of a controller EXCEPT?

Answer options

• A. Determining where the controller has its place of central administration in the EEA.
• B. Determining the supervisory authority where the place of central administration of the controller is located.
• C. Determining the supervisory authority according to what has been identified by the controller as the authority to which data subjects can lodge complaints.
• D. Determining if decisions on the processing are taken in another establishment in the EEA, and if that establishment has the power to implement those decisions.

Correct answer: C

Explanation

Option C is correct because it pertains to the controller's choice of supervisory authority for lodging complaints, which is not a criterion for identifying the lead supervisory authority. The other options directly relate to the physical location and administrative structure of the controller within the EEA, which are essential for determining the lead supervisory authority.