On 14th of April 2016, the EU adopted the General Data Protection Regulation GDPR, replacing the1995 Data Protection Directive. The new regulation came into force on the 25th of May 2018, giving companies a two-year grace period to fully comply. Among the numerous critical requirements, the need for appointing a Data Protection Officer (DPO) has been one of the key factors.