CHAPTER 2: ROLE OF THE DATA PROTECTION OFFICER
The GDPR takes a role that already exists in some organisations, that of the data protection officer (DPO), and gives it statutory importance.
Within Chapter IV of the GDPR, Articles 37-39, lay out the requirements for appointing a DPO, as well as their specification, role, duties and relationships with other entities (such as data subjects, controllers and processors, etc.).
Whether or not your organisation needs to appoint a DPO comes down to three basic conditions, according to the Regulation.
The controller and the processor shall designate a data protection officer in any case where:
(a) the processing is carried out by a public authority or body, except for courts acting in their judicial ...