We offer Data Protection Officer services aimed at ensuring your organization’s full compliance with both the applicable Georgian legislation and the General Data Protection Regulation (GDPR).

The Data Protection Officer monitors the lawfulness of personal data processing, assesses and minimizes legal risks, and ensures compliance with data security standards.

Our services include:

• Assessing the lawfulness of personal data processing;
• Developing and legally analyzing data processing procedures;
• Evaluating and responding to data security incidents;
• Providing legal support on data protection issues;
• Drafting data protection policies and internal documentation;
• Preparing written recommendations/reports for the management — presenting analytical reports on data protection issues for the organization;
• Regularly updating documentation in accordance with current legislation;
• Communicating and coordinating with the State Inspector’s Service for Personal Data Protection, if necessary.

Who is required to appoint a Data Protection Officer?

According to Georgian legislation, the appointment of a Data Protection Officer is mandatory for the following categories of organizations:

• Public institutions;
• Insurance companies;
• Commercial banks and microfinance organizations;
• Credit bureaus;
• Electronic communications companies;
• Airlines and airports;
• Medical institutions.

It is also mandatory for those (including private companies) who:

• Process a significant amount of personal data subjects’ information, or
• Carry out systematic and large-scale monitoring of data subjects’ behavior.