Georgia: The Georgia’s Personal Data Protection Service (PDPS) has published the 6-month activity report for 2024.
Citizens’ responsibilities
During the accounting period, the Personal data Protection Service (PDPS) received 1235 statements/messages, of which 1135 (92%) were related to data processing in private organizations, 78 (6%) – in public institutions, and 22 (2%) – in law enforcement agencies. This proactive reporting from the public is a testament to the trust and confidence in the PDPS’s role in safeguarding personal data.
Checking the legality of data processing (inspection)
The Georgian PDPS conducted a careful check (inspection) of the legitimacy of data processing on 93 facts. 39% (36) were planned, and 61% (57) were unplanned, demonstrating the thoroughness and effectiveness of our inspection process.
Administrative violations revealed
The Service uncovered a significant 145 cases of unlawful processing of personal data. Of these, 25 were reported from 2023 and completed during the financial period, while 120 were based on inspections started and completed during the fiscal period. The majority of these cases, 79% (115), were related to the private sector, with 21% (30) occurring in the public sector, and none in law enforcement agencies.
Tasks and recommendations issued by the Service
The Service played a proactive role by issuing a substantial 208 tasks and recommendations to public institutions, private organizations, and law enforcement agencies.
Consultations issued by the Service
During the accounting period, the Service demonstrated its commitment to public engagement by providing a significant 11,201 consultations, both orally (via telephone and personal meetings) and in written form.
Control of activities carried out in the Central Bank of Identifying Data of Electronic Communication. The Service has used the mechanism of hidden monitoring-recording suspension of telephone communication (via an electronic control system) in 43 cases.
During the accounting period, the Service received one message from the person responsible for processing the data security breach (incident).
The Service conducted 87 meetings with 5246 attendees, part of which represented both the data subject and the person responsible for processing.