Most small companies (below 10 employees) will refrain from appointing a DPO claiming that they don't do large scale systematic monitoring (not clearly defined).
The issue however is that for a DPO you need to avoid conflict of interest, as the DPO should be as independent as possible, even though the DPO could be an employee of the company.
Shareholders, C-level execs, employees that establish means and purposes of processing or handle the actual processing cannot be reasonably expected to place the interests of the data subject(s) above those of the company.
The issue however is that for a DPO you need to avoid conflict of interest, as the DPO should be as independent as possible, even though the DPO could be an employee of the company.
Shareholders, C-level execs, employees that establish means and purposes of processing or handle the actual processing cannot be reasonably expected to place the interests of the data subject(s) above those of the company.
See article 38 for reference.