The EU General Data Protection Regulation requires certain organizations to appoint a data protection officer. Even where such an appointment is not mandatory, it is still advisable for organizations processing personal data to appoint a DPO. The DPO must be involved in all issues concerning the protection of personal data in an organization at the earliest opportunity. DPOs may be internal or external. Due to the critical role they play, the GDPR requires that the DPO is allowed to exercise his or her functions independently. In this article for The Privacy Advisor, Heward Mills Founder Dyann Heward-Mills, CIPP/E, CIPP/US, CIPM, runs down the responsibilities of the DPO and why it is important for them to operate in an independent manner.