A data protection officer is a person appointed by a data controller or a data processor to monitor data protection compliance.
The data protection officer can be an employee of the data controller or the data processor or it can be an external consultant. In either case, the data protection officer will need adequate training and active support from senior management
Whether or not you are legally obliged to appoint a data protection officer depends on the nature of your organisation. Public authorities and organisations that carry out regular monitoring of individuals or large-scale data processing must appoint a data protection officer.
In small businesses, it is good practice to allocate responsibility to a specific individual who will coordinate data protection policy in order to ensure your organisation is compliant with the new requirements under GDPR and to embed good data protection practices.
