With the EU's General Data Protection Regulation, the role of the data protection officer has come into sharp focus. Many organizations, especially those processing large amounts of EU citizen data or particularly sensitive data, will have to appoint a DPO, either someone already on staff or someone new to the organization. Some organizations may choose to outsource. Regardless, the question remains as to how to create a DPO when no obvious candidate in the organization exists.

In an analysis of the burgeoning GDPR training market, the IAPP has found it conservatively takes about 21 hours of training just to acquire the necessary understanding of the GDPR, itself. But, of course, knowledge of the GDPR alone does not a DPO make. In this research paper from the IAPP Westin Research Center, the IAPP explores how to build a DPO for your organization.