The GDPR introduced a new agent in the data protection framework: the data protection officer. This should be an expert on data protection law and practices, and be in a position to operate independently within the organisation. The DPO should ensure the internal application of the GDPR,and that the rights and freedoms of data subjects are not likely to be adversely affected by processing operations. The DPO shall keep a register of processing operations performed or controlled by the institution or body.