The EU General Data Protection Regulation provides that a data protection officer (DPO) must be designated in certain circumstances. While some guidance has been issued in this respect, important questions as to whether a DPO must be appointed and, if so, whom to appoint, remain unanswered. This briefing considers these difficult questions and what it means in practice for businesses. This briefing was first published in Privacy Laws & Business UK Report, Issue 93.
