A data protection officer (DPO) needs to be assigned if your company carries out certain types of data processing – if you work as a public body or authority, if you systematically monitor individuals, or if you carry out large scale processing of special categories of personal data.