(1) A controller, other than -
(a) a court, or
(b) another independent judicial authority,
acting in its judicial capacity, shall, subject to subsections (2) and (3), appoint a person to carry out the functions specified in subsection (5) in respect of the controller (in this Part referred to as a "data protection officer").
(2) Two or more controllers may, subject to subsection (3), having regard to their organisational structure and size, appoint a single data protection officer to carry out the functions specified in subsection (5) in respect of each of the controllers.
(3) A controller, when appointing a data protection officer, shall do so on the basis of -
(a) the person's expert knowledge of the law and the practice relating to the protection of personal data, and
(b) his or her ability to carry out the functions specified in subsection (5).
(4) Where a controller appoints a data protection officer, the controller shall -
(a) publish or cause to be published the contact details
…