¹In cases other than those referred to in paragraph 1, the controller or processor or associations and other bodies representing categories of controllers or processors may or, where required by Union or Member State law shall, designate a data protection officer. ²The data protection officer may act for such associations and other bodies representing controllers or processors.