ا) أهداف التعهد
- The fundamental rights to privacy and to personal data protection have become more important for the protection of human dignity than ever before. Respect for these rights underpins the democratic process and trust in institutions by keeping personal data safe and secure. Proper guarantees for privacy and data protection rights are enshrined in international legal instruments as well as in domestic legislation of the democratic countries across the world.
In 2005, Georgia ratified Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”) and undertook an international obligation to form basic legal framework of personal data protection. Consequently, in 2011 the Law of Georgia on Personal Data Protection was adopted that provides set of rules and core principles for data protection.
Personal data processing may serve important grounds of public interest, legitimate interest of organisations to fulfill their functions and the vital interests of individuals. Data protection legislation does not hinder this process, however it provides that a legal basis for processing must be satisfied and established rules must be followed by the data controller organisations.
In order to balance on the one hand, protection of fundamental right to data protection and on the other hand, legitimate interests of the data controller organisations it is important to effectively implement data protection legislation and monitor lawfulness of data processing operations. In this regard, it is essential to support and delegate the independent data protection authority – State Inspector’s Service of Georgia with more robust mechanisms for effective functioning as the Service is responsible for data protection enforcement and supervising the lawfulness of data processing in Georgia.
- With new challenges to human rights and fundamental freedoms, notably to the right to private life, arising every day,it became apparent that the regulations on data protection had to be modernized in order to better address emerging privacy challenges resulting from the increased use of new information and communication technologies (IT), the globalization of data processing operations and the ever greater flows of personal data.
Accordingly, data protection laws underwent major development globally in recent years by modernising Convention 108 and adopting the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). These legal instruments strengthen individuals’ rights and offer means, maintain confidentiality, uphold the rights of affected persons and build trust among communities and stakeholders.
Harmonization of Georgian legislation with international and European leading standards is important for establishing uniform practice and improving data protection framework in the country. The amendments to the existing Georgian Law on Personal Data Protection in alignment with GDPR provisions as well as modernized Convention 108 were already prepared and are currently initiated at the Parliament of Georgia (not yet in force).Adoption and implementation of this new draft Law on Personal Data Protection will foster further development of domestic legislation on data protection.
- Public awareness raising on data protection issues is of utmost importance for providing adequate safeguards against the risks associated with personal data processing and encouraging organizations to enhance the effectiveness of data processing practices.
The Law on State Inspector’s Service stipulates that the State Inspector’s Service shall provide information to the public about the situation in the area of personal data protection and significant developments in Georgia and improving awareness in this regard. Thus, objective of this pledge is to strengthen the capacity of the State Inspector’s Service to conduct effective awareness raising activities.
ب) خطة العمل:
To fulfill these pledges, Georgia aims to undertake following actions:
– Supporting the State Inspector’s Service to perform its data protection supervising functions, such as: examining citizen’s complaints, conducting inspections (audits) and cooperation with public and private organizations in order to ensure compliance of their data processing practices and procedures with legal requirements etc.
– Supporting adoption and implementation process of the new draft Law on Personal Data Protection, that may include consultations and discussions on the amendments with the representatives of various sectors; preparing/providing supplementary documents/comments where necessary in the process of adoption and after adopting the new draft law, elaborating the commentaries on the Law on Personal Data Protection.
– Delegating the State Inspector’s Service to deliver its consultations to the citizens as well as public and private organizations on personal data protection issues for free. Also elaborating sector specific soft law instruments (such as guidelines, recommendations) for awareness raising purposes and organizing training, workshops and informational meetings for public and private institutions, as well as interested individuals on a regular basis.
ج) مؤشرات قياس التقدم المحرز
- Increased number of conducted inspections (audits);
- Delivered consultations/recommendationson personal data protection issues (effective response to all consultation/recommendation requests from individuals as well as public and private organizations);
- Improved and up to date regulations/raised standards for data protection in alignment with international and European leading standards;
- Increased number of trained/consulted individuals and representatives of the organizations.
د) الآثار المترتبة على الموارد:
Resources for the implementation of the above activities will be provided from the state budget as well as by donor organizations.
