In the process of implementation of the new law of Georgia "On Personal Data Protection", an information meeting was held with representatives of the private sector

2024-02-13 12:38:30

A presentation of draft normative acts and guidelines related to them provided for by Article 88 (4) of the new Law of Georgia "On Personal Data Protection"  was held for the representatives of the private sector. The First Deputy President of the Personal Data Protection Service of Georgia – Dr. Otar Chakhunashvili with a welcome speech, opened the meeting. During the meeting, the President of the Service presented drafts of normative acts to be issued by March 1, 2024.

  • "Criteria for determining an incident with a significant threat to basic human rights and freedoms and the procedure for reporting the incident to the Personal Data Protection Service"
  • "Criteria for determining the circumstances giving rise to the obligation to assess the impact on data protection and the assessment procedure"
  • "Regulation of the special representative by the Personal Data Protection Service" "On determining the circle of persons who do not have the obligation to designate/appoint a Personal Data Protection Officer." 

In parallel with the projects of the named normative acts, the recommendations developed by the Service "On the implementation of measures related to breach notification" and "On the Personal Data Protection Officer" were reviewed.

The recommendations prepared by the service and posted on the website are open for comments and comments and will be updated periodically, taking into account the relevant opinions of the interested parties.

  • Recommendations to the Personal Data Protection Officer personaldata.ge
  • Recommendations regarding the implementation of measures related to the incident personaldata.ge

 

The presentation focused on the use of relevant guidelines, European best practices and guidelines published by the "European Data Protection Board" (EDPB) in the process of drafting normative acts.

The meeting was held in an active discussion mode, with several clarifying questions raised about important issues provided for by the new law. These included international data transfer, the appointment/definition of the personal data protection officer and their functions, the obligation to appoint a special representative, and the technical-organizational measures necessary for assessing the impact on data processing. The obligations of the person/authorized person responsible for data processing in the process of detecting and reporting to the service an incident containing a significant threat to basic human rights and freedoms were also reviewed.

About 90 representatives of the private sector attended the meeting.