The ICO have recently tweeted that in some cases, the GDPR requires companies to have a data protection officer.  Although by now we should be able to work out what that entails, wouldn't it be more helpful if there was some actual guidance on the subject?