Healthcare providers must appoint a trained DPO to manage compliance, handle data protection requests, and oversee incident response. This is a core requirement under the HIB.