Schedule a free consultation
Personal Data Protection Officer - An individual designated/appointed by the person responsible for processing or by an authorized person, who performs the functions provided by the Georgian law on "Personal Data Protection."
Public institutions, insurance organizations, commercial banks, microfinance institutions, credit bureaus, electronic communications companies, airlines, airports, medical establishments, as well as responsible persons/entities who process large amounts of data subjects' information or conduct systematic and large-scale monitoring of their behavior, are required to appoint or designate a personal data protection officer.
The Personal Data Protection Officer ensures:
a) Informing the data processing officer, authorized person, and their employees on issues related to data protection, including the adoption or amendment of regulatory legal norms, providing consultation and methodological assistance to them;
b) Participating in the development of internal regulations related to data processing and the document assessing the impact on data protection, as well as monitoring the compliance with Georgian legislation and internal organizational documents by the data processing officer or authorized person;
c) Analyzing applications and complaints related to data processing and providing appropriate recommendations;
d) Receiving consultations from the Personal Data Protection Service, representing the data processing officer and authorized person in interactions with the Personal Data Protection Service, presenting information and documents at its request, and coordinating and monitoring the execution of its assignments and recommendations;
e) Providing the data subject with information about data processing procedures and their rights in case of inquiry;
f) Performing other functions to enhance data processing standards by the data processing officer or authorized person.
The individuals responsible for processing have the discretion to appoint or designate a personal data protection officer.
Persons responsible for processing or those authorized for processing may appoint or designate a common personal data protection officer, ensuring that the personal data protection officer is able to perform their functions fully. If the person responsible for processing or the authorized person is a public institution, it is also permissible to appoint or designate a common personal data protection officer for several state institutions, taking into account the organizational structure and size of these institutions.
The personal data protection officer should be accountable to the highest governance structure, taking into consideration the specific circumstances.
The person responsible for processing and the person authorized for processing must ensure the proper involvement of the Data Protection Officer in the decision-making process on important matters related to data processing, provide them with the appropriate resources, and ensure their independence in the execution of their duties.
Change of language