The CISO is often said to have two overriding fears: everyone who works for the company…. and everyone who doesn’t. By contrast, the DPO looks at data through the lens of the individual. Under GDPR, companies must have a DPO if they collect, store, process or share sensitive personal data or extensive volumes of personal data. There is a conflict between these roles, however, and this post suggests ways to resolve the issues.