Under GDPR it is no longer necessary to submit notifications / registrations to each local DPA of data processing activities, nor is a requirement to notify / obtain approval for transfers based on the Model Contract Clauses (MCCs). 

Instead, it is required to keep internal record keeping and DPO appointment is mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data.

BotSupply will appoint a specific DPO for each project where the role is required.