Georgia: The Law of Georgia on “Personal Data Protection Service” has been fully implemented since June 1, 2024, Saturday, marking a significant milestone in data protection regulations.
Legislative changes include important news: Personal Data Protection Officer.
All public institutions, insurance and microfinance organizations, banks, credit bureaus, electronic communication companies, airline, airport and medical facilities – are now mandated to appoint a Personal Data Protection Officer, a role of utmost importance in ensuring data security.
The officer provides information to employees on issues related to personal data protection, such as analyzing statements and complaints received on this topic and making relevant recommendations, seeking advice from the personal data protection service, providing information about data processing processes and rights in the case of a natural person, and others.
Establishing the Officer’s Institute is especially important because it brings Georgian personal data protection legislation closer to European standards, thereby significantly strengthening the guarantees of protection of data entities’ rights.
From June 1, i.e., today, another significant change comes into force – the obligation to assess the impact on data protection.
The Law on “Personal Data Protection Service (PDPS)” introduces a new rule-the obligation to assess the impact of data protection. This rule, a first in Georgian legislation, is designed to mitigate the threats to human rights posed by data processing.
According to the Law, in cases where new technologies, category of data, volume, objectives and means of processing, there is a high probability of violating human rights and freedoms, the person responsible for the processing is obliged to carry out a preliminary assessment of the impact on the data protection. This assessment involves identifying potential risks to data protection and implementing measures to mitigate these risks.
