Law on Personal Data in Georgia: maintenance of the file system catalogue
According to Article 19, paragraph 1 of the Law on Personal Data Protection, the person who processes personal data is obliged to maintain a catalogue of the file system of personal data.
- A file system refers to a set of data in which data is sorted and accessed according to certain criteria.
Requirements for the contents of a file system directory
The following information should be displayed in the file system directory:
- the name of the file system;
- name and address of the data processor and authorised person, place of storage or(s) processing of the data;
- the legal basis for data processing;
- Data subject category;
- the category of data in the file system;
- data processing purposes;
- data retention period;
- the fact and grounds for the restriction of the data subject's rights;
- Recipients of data placed in the file system and their categories;
- information on the transfer of data to other states and international organisations and the legal basis for such transfers;
- a general description of the procedure established to protect data security.
Before creating a file system and entering a new category of data into it, the data processor must communicate the above information in writing or electronically to the personal data protection inspector, who in turn maintains a file system catalogue register.
The said register is publicly available at https://catalog.pdp.ge/.
The data processor is also required to notify the inspector of a change to the file system directory no later than 30 days after the change has taken place.
Dear journalists, use of material from the REVERA website in publications is only possible with our written permission.
To approve material, please contact i.antonova@revera.legal or Telegram: https://t.me/PR_revera