The GDPR makes it mandatory for certain types of organisation – both controllers and processors –  to have  a DPO.

But whether mandatory or not, the appointment of a DPO has important advantages for all organisations.

First, it is a clear signal to its customers, and the regulators, that the organisation is taking data protection seriously.

Second, the  NED-like function of the DPO makes sure that data protection stays high on the organisation’s agenda.

Third, it’s one of the most effective ways of protecting the organisation from the high costs of getting data protection wrong.