Regulations state that the DPO must be impartial and possess a specific skill set, for which most organisations do not have the time or resources.
The DPO will be required to possess a breadth of knowledge on data processing and data security obligations; necessary familiarity with the legal aspects of GDPR; and specialist understanding of evolving technology and legislation.