Data Protection Officer is mandatory, again.
Article 35 of the latest version of GDPR states that “The controller and processor shall designate a data protection officer in any case where: […] “.
To clearly understand which controllers and processors are included in such categories, the local language versions – and perhaps some comments – are needed.
Controller and processor are now required (if this will be the final version) to address the same compliance issues.
In any case all the above confirm that the “trilogue” (Commission, Parliament and Council) is very close to define and approve the GDPR.