Lela Janashvili, the Head of the Personal Data Protection Service, presented a report about the ongoing and completed measures for the process of implementation of the new law on “Personal Data Protection”.
It is to be specifically mentioned that adopting the new law is an important step forward in the development of Georgia’s personal data protection law. According to the head of the Personal Data Protection Service, work on four normative acts provided by the transitional provisions of the law has already been completed. These four acts include:
- Criteria for determining an incident with a significant threat to basic human rights and freedoms, the rule of incident notification for the Personal Data Protection Service
2. About the definition of a circle of persons who are not obliged to define/appoint a personal data protection officer
3. About the criteria and the rule of assessment of the circumstances arising from the obligation to assess the impact on data protection
4. The rule of registration of a special representative by the Personal Data Protection Service
In addition, in the process of implementation of the law, it is important to receive recommendations from the Data Protection Supervisory Body. As of today, the Office has developed a guide and recommendations on the following issues:
1. Issuing/updating internal legal acts and informing the Personal Data Protection Service to identify compatibility with the law for public institutions;
2. Issuing/updating internal legal acts and informing personal data protection services for private law entities to identify compatibility with the law;
3. About personal data protection officer;
4. On the generation of implementation of events related to the incident;
5. Processing of data with drones;
6. Right to transfer data (porting);
7. About the protection of personal data during the production of electronic elections;
Direct marketing implementation guideline.
Meanwhile, by March 1, 2024, the following guidelines will be prepared:
1. About the implementation of audio and video monitoring;
2. Automated decision-making and profiling;
3. Methodology of determining administrative benefits;
4. Consent as a basis for data processing;
5. Guidelines on transparency principle;
6. Right to access data;
7. Data protection by design & default
8. Standard for data security and data processing related to data processing;
8. Essential and standard conditions of the contract between the employee and the        authorised person.
In the process of implementing the new law the provision of information to data processors related to changes has become one of the important issues.
