The appointment of a DPO is one of the best steps that can be taken by the controller to properly implement measures that ensure compliance with the rights of the data subjects. Appointing a DPO is not always a necessary consequence of operating with IoT deployment. It is undeniable, however, that appointing a DPO is compulsory, at least, if conditions settled by Article 37(1) apply. Indeed, in the case of IoT, it will often happen that the core activities of the controller or the processor consist of processing operations that, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale. Nevertheless, even if this is not the case, it is always recommendable to proceed to do so, at least in terms of transparency (see the “Transparency” section in the “Principles”, Part II of these Guidelines).