Data Protection System of Georgia. Nina Sarishvili Head of International Relations Department

Transcription:

Data Protection System of Georgia Nina Sarishvili Head of International Relations Department 14/12/2016

Legal Framework
- INTERNATIONAL INSTRUMENTS: CoE 108 Convention; AP on Supervisory Authorities and Trans-Border Data Flows
- NATIONAL LEGISLATION: Law on Personal Data Protection; Statute of the Inspector

Georgian Data Protection Law
- Principles of Data Processing
- Grounds for legitimate data processing
- Specific Regulations
- Obligations of Data Controller and Data Subjects Rights
- Transborder Data Flow

Administrative Responsibility
Violations of the PDP Law: Specific Chapter prescribing sanctions for particular violations
- Processing of data in the absence of the legal grounds
- Violation of the principles of the processing of data
- Failure to comply with the requirements on data security
- Violation of the rules on using data for the direct marketing purposes
- Violation of video surveillance rules
- Violation of rules for data transfer to another state and international organisation
- Failure to fulfil requirements of the Inspector

Criminal Responsibility
Criminal Code of Georgia
- Illegal collection, storage, usage, dissemination or disclosure of personal data causing serious damage: imprisonment for a term of up to 3 years
- Aggravating circumstances:
  - Imprisonment for a term of up to 4 years
  - Imprisonment for a term of up to 5 years
  - Imprisonment for a term of 4 to 7 years

Office of the Personal Data Protection Inspector
- Data Protection Supervisory Authority was established on July 1, 2013
- Supervise Lawfulness of Data Processing
- Implement Data Protection Legislation
- Mandate of the Inspector
- Public Sector
- Private Sector
- Law-Enforcement

Appointment Procedure
3 Stage Selection Process
1. Special Competition Commission
2. Prime-Minister of Georgia
3. Parliament of Georgia
Term of Office - 3 years.

Immunities Inviolability of the Inspector and Immunity from criminal proceedings in flagrante delicto Consent of the Parliament

Independence and Accountability of the Inspector
- Any influence or interference with the Inspector's activities punishable by law
- Right to refuse to testify
- Submission of Annual Report
- Parliament and Government

Financial and Organizational Independence
- Structure, rules of procedure and the distribution of powers
- Order of the Inspector
- Separate Office Space
- Funding
- State Budget / Donor Assistance
- Draft budget presented to the Ministry of Finance

Budget 2013 2014 2015 2016 2,225,000.00 2,100,000.00 600,000.00 205,000.00 Annual Budget in GEL

Structure Inspector Deputy Inspector Legal Department Inspection Department IT Department International Relations Department Administration Finances and Procurement Public Relations Public and Private Sector Oversight Unit Law-Enforcement Oversight Unit

Staff of the Georgian DPA 43 Management Auditors International Relations Public Relations and Awareness Raising Lawyers Database Specialists Research and Analysis Administration Data Security Information Technologies Projects and Trainings Accounting and Procurement

Functions of Georgian DPA
- Complaints handling
- Consulting public and private bodies
- Carrying out investigations
- Raising public awareness
- Participating in legislative process

Complaints Handling
- Total Number of Complaints - 254
- [Chart: complaints per year for 2013, 2014, 2015, 2016 (9 months); values shown: 120, 113, 2, 19]
- Topics: Direct marketing; Subject access requests; Data disclosure; Violation of data processing principles; Access to data; Audio/video monitoring; Data processing by law enforcement

Consultations
- Total number of consultations - 4178
- [Chart: consultations per year for 2013, 2014, 2015 and 2016 (9 months), broken down by private bodies, public agencies and individuals]

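Inspections
- Total number of Inspections - 134
- [Chart: inspections per year for 2013, 2014, 2015, 2016 (9 months); values shown: 54, 63, 15, 2]
- [Chart: private sector and public sector shares; values shown: 40%, 60%]
- 197 administrative violations
- Fines imposed on 100 cases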

Mobile App Inspect 2
- A tool for citizens to notify the Inspector of data breaches
- Notifications received through the application enable the Inspector to respond to data breaches effectively
- Innovative
- Easy to use
- Accessible
- Possibility to send photo/video files to justify a notification
- Citizens are able to track the handling of a notification in real time and be updated on its consequences

Measures
The Inspector may request:
- Termination of Processing
- Elimination of Discrepancies
- Blocking Data
- Instructions
- Recommendations
- Fines

Educational Activities 129 Trainings Public Lectures 3670 Participants 500 Participants Informational Meetings 800 Participants

Guidelines and Recommendations
Thematic and Sector Specific Guidelines and Recommendations
- Personal Data Protection in Labour Relations
- Data Processing for Direct Marketing Purposes
- Video Surveillance Systems
- Data Protection and Online Privacy
- Processing of Biometric Data
- Processing of Medical Data
- How to Request Deleting Information from Facebook and YouTube?
- Tips for Consumers for Safe Online Shopping
- Tips on Data Protection and Elections

Cooperation with International Organizations
- CoE
- Consultative Committee - T-PD
- Ad hoc Committee - CAHDATA
- CEEDPA
- GPEN
- Spring Conference
- Berlin Group
- International Conference
- Article 29 Working Party

International Obligations
- EU-Georgia Visa Liberalization Action Plan
  - Legislative Phase: August 2014 - Legal Amendments; October 2014 - Fulfillment
  - Implementation Phase: February 2015 - Assessment Mission; May 2015 - Fulfillment
- Association Agreement
- EUROJUST
- EUROPOL

Strategy and Action Plan
Institutional Development Strategy 2017-2021 and Action Plan 2017-2018
- Vision
- Mission
- Values
- Improvement of Main Operational Directions and Increase of Efficiency of the Office
- Organizational Development
- Raising Public Awareness
- Enhancing Strategic Cooperation

Results Achieved in 3 years
- Public institutions adjusted their internal processes to data protection regulations
- Improved practices in the private sector
- Awareness of the general public has increased, and their interest is growing
- Positive assessment by international experts
- Georgian DPA recognized as an efficient body that achieved remarkable results in a relatively short period of time

Challenges
- Legislative Gaps
- Evolution of Modern Technologies
- Lack of Court Case-Law
- Public Awareness
- Limited Human and Financial Resources

Thank you for your attention
7 Vachnadze Str., 0105 Tbilisi, Georgia
Tel: (995 532) 2421000
www.pdp.ge
www.personaldata.ge
facebook.com/dpageorgiaofficial
twitter.com/dpaofgeorgia