Compulsory designation of the data protection officer (DPO)
The controller and the processor shall designate a data protection officer in any case where: (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; (b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
Chapter IV, Section 4, Article 37, Paragraph 1
Regulation's subject matter
Designation of the data protection officer (Article 37, Section 4, Chapter IV)
Data protection officer Data subject Public authority Public body