A DPO has to be appointed in any case where:
- the processing is carried out by a public authority or body, except for courts acting in their judicial capacity,
- the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale or
- the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
So, the appointment of a DPO is rarely mandatory in the UK, although you can always voluntarily appoint a DPO, even if you don’t need one.
Physicians don’t need a DPO because working with medical data is not their core activity. Physician communities and hospitals absolutely need a DPO.