A
DPO advises on data protection obligations, monitors GDPR compliance, and serves as the contact point for supervisory authorities. Mandatory for large-scale data processors and public authorities.
DPO must have data protection expertise and operate independently. Can be internal or outsourced. Conflict of interest prohibited (DPO can't also make data processing decisions they oversee). Reports directly to highest management level.