According to the requirement of Art. 37 (5) GDPR, a data protection officer must fulfil the following three main factors:
- Professional qualification in terms of expertise in the field of data protection law
- Expertise in the field of data protection practice
- Ability to perform the tasks mentioned in Art. 39 GDPR (see above)