Step 12 of 12 steps to GDPR compliance in 12 posts


This is the final step in our series of emails designed to help you get ready for GDPR. If you have been following our 12 step programme, you should be making good progress. If you have missed any in the Series and would like to catch up, please visit 12 Steps to GDPR on our website.

The 25th of May is not very far away now and non-compliance can result in significant penalties. If you follow the practical steps in our series of emails, you should be getting into good shape but, if you need someone by your side to get you over the line, we are here to help.


If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority and document this.

  • The lead authority is the supervisory authority in the state where your main establishment is. Your main establishment is the location where your central administration in the EU is or else the location where decisions about the purposes and means of processing are taken and implemented.
  • This is only relevant where you carry out cross-border processing
  • If this applies to your organisation, you should map out where your organisation makes its most significant decisions about its processing activities.

We are here to help

Qubic can work alongside you to help you meet the conditions laid out by the Information Commissioner’s Office for compliance with the new legislation. We have a team with expert knowledge, experience and technology to help your organisation be ready for GDPR on 25 May – but that’s not very far away now.

You can’t afford to wait any longer – contact Qubic today on 020 8601 7000 and we can help you work towards compliance. Even the longest journey starts with the first step…