CHAPTER 8: ROLE OF THE DATA PROTECTION OFFICER
The GDPR takes a role that already exists in some organisations, that of the DPO, and gives it statutory importance.
Articles 37–39 of the GDPR lay out the requirements for appointing a DPO, as well as their specification, role, duties and relationships with other entities (such as data subjects, controllers and processors, etc.).
Whether or not your organisation needs to appoint a DPO comes down to three basic conditions, according to the Regulation:
The controller and the processor shall designate a data protection officer in any case where:
(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
(b) the core activities of the controller ...