Mark Hill and Anna Hackworth of Charles Russell Speechlys write:
DPO Requirements
The emphasis on the qualifications of the DPO, including academic background, experience, and knowledge of data protection and risk management, underscores the importance of the role. The DPO is not just a nominal position but is expected to have a substantive impact on the controller’s data protection practices.
The flexibility in allowing the DPO to be either an employee or an external contractor provides controllers with the ability to choose the best arrangement for their operations. However, regardless of the employment status, the DPO’s contact details must be made available to both the SDAIA and data subjects, a measure intended to enhance transparency and accountability.