Answer yes if your organisation has a nominated Data Protection Officer as defined by GDPR.
GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body, or if you carry out certain types of processing activities.
A useful guide on Data Protection Officers was published by the ICO and can be found here.
If you would like to contribute to this article or provide feedback, please email firstname.lastname@example.org. Contributors will be recognised on our contributors page.