All government entities and some private sector organisations need to appoint a ‘data protection officer’ under the GDPR.

We have advised both government and private sector clients about whether they need to appoint a data protection officer, and, if they do, what that officer’s duties and terms of reference should be.