Chapter 3 – Obligations of controllers and processors Section 38 Data protection officers of private bodies Section 39 Accreditation