Naima Zohair, Assistant Manager Global Strategy, for the CRI Group, notes a growing misconception surrounding the need for appointing a Data Protection Officer (DPO) under GDPR. Zohair says an organization should ask itself main questions before appointing a DPO: Do they even need to appoint a DPO; should they need a DPO anyway for safe measures of compliance; can the role of DPO be outsourced; and will the DPO be personally liable; and when should a DPO be appointed? Zohair says that ultimately, what is a better fit for the business will be determined by the decision-making heads of the organization, yet it needs to be done soon, as the time is shrinking.
