I support GDPR, but to be fair about Data Protection Officer, that position sounds like a liability, no one will want that title unless they are appropriately compensated for it, so most likely this will be a dedicated person who will be paid just to be responsible for things being complaint.

Perhaps in early stage of a startup a founder will take the title to save cost, but he/she will want to lose that responsibility as soon as possible.