In June 2023, the new Law of Georgia on Personal Data Protection replaced the previous Data Protection Act of 2011, to ensure compliance of the Georgian legislation with the provisions and principles outlined in the European General Data Protection Regulation (GDPR). One of the requirements of the latter is that data controllers implement technical and organisational measures during development stage of the systems to ensure that only necessary data is processed by relevant data processing tools. This is called privacy by design and by default.
The staff of the Personal Data Protection Service (PDPS) of Georgia was trained on the standards and good practices in the field of privacy by design and by default during the workshop organised by the Council of Europe “Strengthening Media Freedom, Internet Governance and Personal Data Protection in Georgia” Project, in Tbilisi on 19 December 2023. The workshop was aimed at supporting the PDPS in the preparation of guidelines in this specific field. The PDPS will follow up with development of the guidelines in this new field of expertise, as requested by the new Law.
The meeting allowed the participants to exchange on the topics such as the European legal framework on data protection by design and by default, analyse its key components under the GDPR, as well as its focus area, discuss the instruments for its successful implementation into practice and get familiar with the enforcement mechanisms used by the European Union’s Data Protection Authorities for noncompliance with the requirements of data protection by design and by default. As a result, the acquired knowledge will enable the PDPS to follow up with drafting of respective guidelines considering the established European standards in this main area.