Data Protection Authorities and Data Protection Officers
DPAs are independent national authorities that enforce data protection law - one per member state except Germany (federal plus 16 Lander). The DPO is the in-EU point of contact who must have no conflicts of interest; non-EU companies appoint an EU representative.
Data protection authority (DPA) bodies are independent public authorities that enforce data protection law at national level and give interpretive guidance. There is one DPA per EU member state except Germany, which has a federal DPA over the public sector plus 16 Lander DPAs over the commercial sector.
The Data protection officer (DPO) is the primary internal point of contact on data protection for an EU-based business, facilitating and reviewing GDPR compliance. The DPO must have expertise in relevant data protection law and must not have conflicts of interest - their duties cannot mix processing personal data with monitoring it.
Whether an entity must appoint a DPO is not based on being a controller or processor. Key factors: are the data subjects from the EU, is the data in/from the EU, is there large-scale monitoring of data subjects, is there large-scale processing of sensitive data, and where is the company based.
A DPO is the term for companies based in the EU. A company with no physical EU presence must appoint an EU representative - someone subject to GDPR enforcement proceedings.