Law on Personal Data in Georgia
The Parliament of Georgia adopted a decision on amendments to the Law of Georgia "On Protection of Personal Data" on 04.07.2023.
Despite the fact that most of these changes will come into force in 2024, we recommend that companies operating in Georgia pay attention to the requirements of the Law and plan their activities with them already at this time.
Amendments effective from 01.03.2024
Any organisation or individual processing personal data is obliged to record all incidents of data processing breaches, measures taken and report them to the Personal Data Protection Service no later than 72 hours after the incident is detected.
Amendments effective from 01.06.2024
The law stipulates the obligation to have a personal data protection officer for all public institutions, as well as the following organisations:
- Public institutions (except for religious and political organisations);
- insurance organisations;
- commercial banks;
- microfinance organisations;
- credit bureaus;
- electronic communications companies;
- airlines;
- airports;
- other organisations that process data from a large number of subjects or monitor their behaviour on a systematic and large-scale basis.
The employee responsible for personal data protection has the right to perform other labour functions, if this does not lead to a conflict of interest.
The organisation may enter into a service contract with another organisation or individual (instead of hiring an employee) to ensure protection of personal data.
Dear journalists, use of material from the REVERA website in publications is only possible with our written permission.
To approve material, please contact i.antonova@revera.legal or Telegram: https://t.me/PR_revera
