by rrwo 1347 days ago
No, that's not true at all.

Could you elaborate?
You don't need to hire a separate person as DPO. It's recommended but not mandatory.
Every single official guidance on GDPR that I have seen, such as https://ico.org.uk/for-organisations/guide-to-dp/guide-to-th..., states that I would have conflict of interest serving as DPO because "Basically this means the DPO cannot hold a position within your organization that leads him or her to determine the purposes and the means of the processing of personal data."

The same document specifically points out that as I head marketing, I cannot also be the DPO.

It is recommended, not mandatory. You are a single-person company.

Do you think every family-run corner shop or plumber or painter in the EU has hired a DPO? No.

I have seen nothing that says it is recommended and not mandatory; do you have a source?
Your own link did, but now the page returns a 404 error.

However, see https://ico.org.uk/for-organisations/guide-to-data-protectio...

> Under the UK GDPR, you must appoint a DPO if:

> - you are a public authority or body (except for courts acting in their judicial capacity);

> - your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or

> - your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.