Skip to main content
Data Protection / GDPR

Consistency mechanism

The consistency mechanism is the coordination procedure enshrined in the GDPR through which the supervisory authorities of EU member states reach a uniform application of the law in cross-border processing cases.

The consistency mechanism (German: Kohaerenzverfahren) is a core element of the GDPR designed to ensure a uniform interpretation and application of data protection law across Europe. It applies whenever processing affects several member states or is likely to have a substantial impact on data subjects in more than one state. Without such a mechanism, the same processing operation could be assessed differently in different member states, which would undermine both the internal market and the level of protection afforded to data subjects.

The consistency mechanism is closely intertwined with the one-stop-shop principle: in cross-border processing, the lead supervisory authority at the location of the main establishment of the controller or processor is competent, but works in close cooperation with the supervisory authorities concerned. If these authorities cannot reach consensus on a draft decision, or if relevant and reasoned objections are raised, the European Data Protection Board (EDPB) is brought in.

Within the consistency mechanism, the EDPB may issue opinions (Art. 64 GDPR) and, in disputes, adopt binding decisions (dispute resolution procedure under Art. 65 GDPR) that bind the authorities involved. In addition, Art. 66 GDPR provides for an urgency procedure that allows a supervisory authority to adopt provisional measures where there is an urgent need to act. For organisations, this means that data protection decisions in complex cases are not taken in isolation but within the European network, giving them greater binding force and broader effect.

Legal Basis

Art. 63–67 GDPR (in particular Art. 63 consistency mechanism, Art. 64 EDPB opinion, Art. 65 dispute resolution, Art. 66 urgency procedure); Art. 56 GDPR (lead supervisory authority)

Practical Example

A corporate group established in Ireland introduces a group-wide processing of employee data affecting staff in Germany, France and Spain. As the lead authority, the Irish data protection authority drafts a decision, against which the German and French supervisory authorities raise relevant and reasoned objections. As no consensus is reached, the group's data protection officer internally launches a risk assessment and awaits the EDPB decision in the dispute resolution procedure under Art. 65 GDPR, which all authorities involved must then implement.

FAQ

The consistency mechanism applies to cross-border processing that may significantly affect data subjects in several member states. It serves to ensure a uniform application of the GDPR throughout the EU and is coordinated via the lead supervisory authority and the EDPB.
Within the consistency mechanism, the EDPB issues opinions under Art. 64 GDPR and decides disputes with binding decisions under Art. 65 GDPR. These decisions bind the supervisory authorities involved and thereby ensure a consistent application of the law.
The one-stop-shop determines the competent lead authority and bundles the point of contact for the organisation. The consistency mechanism is the overarching coordination procedure that ensures a uniform decision when the authorities disagree.

How preeco supports you

Learn how our software supports you with this topic.

Learn more

Related Terms

Supervisory authority European Data Protection Board Lead supervisory authority Third Country Transfer Data Protection Compliance
Back to Glossary