Introduction The GDPR  under Article 37 requires organizations to appoint a Data Processing Officer (DPO) in 3 specific cases: a) where the processing is carried out by a public authority or body; b) where the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data…