Iceland's data protection authority, the Personuvernd, issued an advisory on the importance of data protection officers requirements under the EU General Data Protection Regulation. The regulator noted DPOs "must be independent, an expert in the data protection legislation, have adequate facilities and manpower and have direct access to senior management."