While the title of data protection officer has long been in use, particularly in Germany and France, the General Data Protection Regulation introduced a new legal defintion of a DPO with specific tasks. Certain organizations, particularly those that process personal data as part of their business model or those who process special categories of data as outlined in Article 9, are obligated to designate a DPO on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices. The DPO has a variety of mandated tasks, including communication with the supervisory authority, conducting DPIAs, and advising the organization on the mandates of the GDPR and how to comply with it.