by ensignavenger 1345 days ago
The very document you link to does not say exactly when you have to hire a DPO or not, but it and other documents I have read seem to indicate that if my business is collecting personal information in order to provide my service, I need a DPO. There is some question as to scale, but nowhere is that defined in anything approaching concrete terms. If I have 5 customers and all 5 of them have given me their name, email, and a brief biography that I store for the purposes of providing my service - at least one guidance document from the EU states that scale is relative to the size of the business, so I would need a DPO in this case. What about 50, or 500, or 5000? Any number I would pick is arbitrary. What if I collect birthdates or other information that is essential to my service?

It's easy to say "I'm small and don't need a DPO"... but the law is nothing close to clear on this issue.

And the guidance clearly states that I cannot be the DPO while also holding all the other positions in the company.

"Basically this means the DPO cannot hold a position within your organization that leads him or her to determine the purposes and the means of the processing of personal data."