(1) The controller must designate a data protection officer, unless the controller is a court, or other judicial authority, acting in its judicial capacity.
(2) When designating a data protection officer, the controller must have regard to the professional qualities of the proposed officer, in particular -
(a) the proposed officer's expert knowledge of data protection law and practice, and
(b) the ability of the proposed officer to perform the tasks mentioned in section 71.
(3) The same person may be designated as a data protection officer by several controllers, taking account of their organisational structure and size.
(4) The controller must publish the contact details of the data protection officer and communicate these to the Commissioner.