Skip to main content
Home » The Power of Data » How the OSS mechanism provides certainty for Irish technology companies
The Power of Data 2024

How the OSS mechanism provides certainty for Irish technology companies

A dedicated mentor is explaining mentees importance of project while sitting at the boardroom in corporate firm.
A dedicated mentor is explaining mentees importance of project while sitting at the boardroom in corporate firm.

Caroline Shanahan

Executive, Technology Ireland

Austin Dowling

Senior Executive, Technology Ireland

Learn about the One Stop Shop (OSS) and the unique role and authority of the Lead Supervisory Authority (LSA) under the General Data Protection Regulation (GDPR).


2024 marks the sixth anniversary of the implementation of one of the strongest privacy and security laws in the world: the European Union’s GDPR. The GDPR regulates how the personal data of individuals in the European Union (EU) can be transferred and processed and defines obligations, rights, methods and sanctions to ensure compliance across the EU.

OSS simplifies GDPR compliance navigation

The OSS mechanism is a core concept of the GDPR. It ensures a simpler and clearer process for individuals to exercise their privacy rights. The OSS allows for a company operating in multiple EU countries to interact with a singular Data Protection Authority (DPA) where it is headquartered — a Lead Supervisory Authority (LSA) — avoiding the need to deal with multiple DPAs.

The benefits of the OSS are clear; it reduces the administrative burden for organisations and makes it simpler for individuals to exercise their rights. It provides businesses operating cross-border (small, medium and large), as well as data subjects, with legal certainty regarding the competent regulator. It ensures both a consistent process and application of the GDPR.

Ireland plays an important
role in upholding the core
concepts of the GDPR.

Maintaining OSS crucial for future of GDPR

The importance of the OSS is increasingly apparent. However, recent EU-level trilogue discussions regarding the GDPR cross-border enforcement regulation require all stakeholders to rally behind the OSS and the unique role of the LSA to ensure they are neither undermined nor diluted. A strong level of compliance can be ensured through a continuous and open dialogue with the LSA, based on mutual trust.

Any changes may complicate or delay the resolution of data subject complaints or requests, and any degradation of the OSS would introduce inconsistency. This makes it more challenging for organisations to predict and meet their compliance obligations possibly leading to a competitive disadvantage for Europe.

Ireland’s role in upholding GDPR enhances credibility

Ireland plays an important role in upholding the core concepts of the GDPR. Our position as a global technology hub means that the Irish DPA will remain at the forefront of GDPR enforcement. Ireland’s attractiveness and competitiveness depend on the OSS mechanism to foster the predictability necessary for the creation of a business-friendly environment.

The next review of the GDPR in 2028 should build on the recent review and comprehensively evaluate the data protection landscape by assessing the impact of recently adopted legislation.

Next article