The GDPR makes it a requirement that organisations appoint a data protection officer (DPO)

At a glance

• The GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body, or if you carry out certain types of processing activities.
• DPOs assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority.
• The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.
• A DPO can be an existing employee or externally appointed.
• In some cases several organisations can appoint a single DPO between them.
• DPOs can help you demonstrate compliance and are part of the enhanced focus on accountability.