# Step 1: Setting up

First, you've read up on the [role of the DPO](https://www.dastra.eu/fr/guide/les-missions-du-dpo/51090) and the requirements for appointing a DPO, then you decide whether or not to [appoint a DPO](https://www.dastra.eu/fr/guide/les-modalites-de-designation-dun-delegue-a-la-protection-des-donnees/42392) in your organization.

Your choice will be an employee (DPO or not) who, in turn, will define and lead a network of GDPR correspondents within the company's various businesses.

{% hint style="info" %}
The appointment of a Data Protection Officer (DPO) is **mandatory** for: 

* Public organizations ; 
* Companies whose core business involves large-scale, regular and systematic tracking of individuals, or large-scale processing of so-called "sensitive" data or data relating to criminal convictions and offenses.
  {% endhint %}