Lela Janashvili submitted a report on the implementation of the new law to the Human Rights and Civil Integration Committee of the Parliament
2024-02-09 12:25:18- "Criteria for determining an breach notification that poses a significant threat to basic human rights and freedoms, the procedure for reporting an breach notification to the Personal Data Protection Service";
- on defining the circle of persons who do not have the obligation to define/appoint a personal data protection officer;
- about the criteria for determining the circumstances giving rise to the obligation to assess the impact on data protection and the assessment procedure;
- The procedure for registration of a special representative by the Personal Data Protection Service.
Prof. Dr. Dr. Lela Janashvili emphasized that, in the preparation of normative acts, the service adhered to guidelines and best practices provided by the 'European Data Protection Board' (EDPB). These drafts were subsequently shared with foreign experts, whose recommendations were duly incorporated into the relevant projects of acts.
In addition, in the process of implementation of the law, it is important to follow the recommendations of the data protection supervisory body, the so-called Development of guidelines regarding novelties provided by the law. As of today, the Service has developed guidance recommendations regarding the following issues:
- Issuing/updating intra-departmental legal acts for public institutions in order to identify compatibility with the law and informing the Personal Data Protection Service;
- Issuing/updating intra-departmental legal acts and informing the Personal Data Protection Service for the purpose of identifying compatibility with the law for private law entities;
- About the Personal Data Protection Officer;
- regarding the implementation of measures related to the breach notification;
- Processing of Personal Data through the use of Drones;
- The right to transfer data (porting);
- On the protection of personal data during electronic elections;
- Direct Marketing Guideline.
At the same time, the following guidelines will be prepared by March 1, 2024:
- About the implementation of audio and video monitoring;
- Automated decision-making and profiling;
- Methodology for determining the administrative fine;
- Consent as a basis for data processing;
- Guidelines on the principle of transparency;
- right of access to data;
- Data protection by design & default;
- standard for recording information related to data security protection and data processing;
- Essential and standard terms of the contract between the processor and the authorized person.
"In the process of implementing the new law, one of the important issues was the provision of information related to changes to data processors by the supervisory authority. Our daily information and consultation meetings of various formats are actively taking place and continue continuously even after the implementation of the law,” stated Prof. Dr. Dr. Lela Janashvili.