A Data Protection Officer is required by the GDPR for public bodies and businesses that engage in large-scale monitoring of personal data, and is encouraged for all businesses that fall under the scope of the GDPR. The DPO is responsible for helping businesses comply with the GDPR by engaging in training of staff, conducting audits, maintaining records, monitoring company activities relating to compliance and communicating with data subjects. The DPO can be either an internal employee or an external consultant.