I was wondering if you could help me with some GDPR related questions:
1. How does an organization establish if it needs a DPO or no?
2. Does the DPO need to be an employee or it can be outsourced as well?
3. What would be the position of the DPO in the company organizational chart?
4. What would be the job description applicable to the DPO?
5. Is there any easy way to establish the duration of a GDPR compliance project?
6. What is the difference between a DPIA and a PIA?
7. When one needs to perform a DPIA?
8. Are there any specific requirements in terms of encryption?