Looking toward the GDPR’s May 25, 2018 implementation date, many organizations preparing for compliance are focused on the DPO role. While the position is not novel, the GDPR introduces new requirements. We spoke with experienced DPOs and counsel from around the world to clarify and shed light on the GDPR provisions and recent Article 29 Working Party guidelines relevant to the DPO role. This first part of our two-part series on the topic examines when appointing a DPO is mandatory, how to select a DPO, and the requisite skillsets and responsibilities of the role, including the difference between the DPO and other privacy compliance roles. Part two will discuss how the DPO best fits in the corporate structure, how to manage the budget for this role and steps companies can proactively take to ensure they are prepared to comply with the GDPR’s DPO requirements. See also “Navigating the Early Months of Privacy Shield Certification Amidst Uncertainty” (Nov. 2, 2016).