2024-06-01

The law of Georgia “On Personal Data Protection” fully came into force today

---

The law of Georgia “On Personal Data Protection” fully came into force on June 1.

The legislative changes provide important novelties:

The Personal Data Protection Officer

Every public institution, insurance and micro-finance organisation, bank, credit bureau, electronic communication company, airline, airport, and medical institution is obliged to appoint or designate a Personal Data Protection Officer.

The Personal Data Protection Officer makes sure to inform employees on matters related to data protection, analyzes received applications and grievances regarding data processing and makes appropriate recommendations, receives consultations from the Personal Data Protection Service, in the event of an application by a natural person, provide them with information on data processing and their rights.

It is especially important to establish a Data Protection Officer institute, as it brings the Georgian personal data protection legislation closer to European standards through which it meaningfully improves the protection guarantees of data subject rights.

From today, another important change comes into force - the obligation to carry out a Data Protection Impact Assessment.

The Law “On Personal Data Protection” provides the process for a data protection impact assessment, which is a novelty in Georgian personal data protection legislation and aims to reduce the increased threat of human rights violations.

According to the law in cases where new technologies, categories and the volume of data, and the purposes and means of data processing, there is a high probability of threat of violation of fundamental human rights and freedoms during data processing, a controller is obliged to carry out a data protection impact assessment in advance.