Privacy Law in Georgia
Georgia's data protection landscape has undergone significant reforms with the enactment of the Law of Georgia on Personal Data Protection, which aligns the country's legal framework with European Union standards.
📜 Key Provisions of the Law
Consent for Direct Marketing: Processing personal data for direct marketing purposes now requires explicit consent from the data subject. The law mandates clear communication of the right to withdraw consent and stipulates that processing must cease within 7 working days upon withdrawal.
Appointment of Data Protection Officers (DPOs): Certain public and private entities, including banks, medical institutions, and electronic communication companies, are obligated to appoint a DPO. The DPO is responsible for ensuring compliance with data protection regulations and assisting employees with data protection matters.
Data Protection Impact Assessments (DPIAs): Entities must conduct DPIAs when processing activities are likely to result in high risks to data subject rights and freedoms. This includes assessing the necessity and proportionality of processing operations and implementing measures to mitigate potential risks.
Breach Notification: In the event of a personal data breach, organizations are required to notify the Personal Data Protection Service and affected individuals within 72 hours of becoming aware of the breach.
Cross-Border Data Transfers: Transfers of personal data to countries outside Georgia are permitted only if the receiving country ensures an adequate level of data protection or if appropriate safeguards are in place.
🏛 Supervisory Authority
The Personal Data Protection Service (PDPS) is the independent authority responsible for overseeing compliance with data protection laws in Georgia. The PDPS has the authority to issue warnings, impose fines, and provide guidance to organizations on data protection matters.
⚖️ Enforcement and Penalties
Violations of the data protection law can result in administrative fines ranging from GEL 1,000 to GEL 20,000, depending on the nature and severity of the breach. Factors such as the organization's annual turnover and the presence of aggravating or mitigating circumstances are considered when determining penalties.
✅ Summary
Georgia's new data protection law introduces comprehensive measures to safeguard personal data, including requirements for explicit consent, appointment of DPOs, conducting DPIAs, and prompt breach notification. These reforms align Georgia's legal framework with EU standards, enhancing the protection of individuals' privacy rights and fostering a secure digital environment.