The CNIL introduction to its DPO guide reads “Emerging in 2018 with the entry into force of the General Data Protection Regulation (GDPR), the data protection officer (DPO) has a central position in personal data governance. The DPO must inform and advise the data controller, monitor the organisation’s compliance with legal obligations and act as a point of contact with the data protection authority. Although the DPO is not responsible for the organisation compliance, they are an essential part of it, as they are able to combine expertise and advice at all stages of projects involving the use of personal data. As of today, nearly 30,000 people in France work in this position (individuals and companies combined) for 80,000 organisations that have designated a DPO. Among these, the public administration, education and health sectors are the most represented”. Find the guide here.