That's the UK's straight-forward unequivocal explanation of the rules. Where there is room for interpretation or uncertainty, the ICO is very good at pointing this out. It doesn't here.
As poisan42 points out - it echoes the words in the actual article, directly.
As poisan42 points out - it echoes the words in the actual article, directly.
Bottom line, he doesn't need a DPO.