A personal data protection officer (DPO) is a person designated or appointed by the controller or processor. DPO performs functions as provided by the Law of Georgia “On Personal Data Protection”, such as: informing relevant persons on issues related to data protection, providing consultation and methodical assistance, ensuring compliance with internal regulations related to data processing and data protection, participating in the development of impact assessment documents, analyzing statements and complaints received regarding data processing, and issuing relevant recommendations. 

Who is obligated to appoint a personal data protection officer?

  • Insurance company;
  • Commercial bank;
  • Medical institution;
  • Microfinance organization;
  • Electronic communication company;
  • Airline;
  • Airport;
  • Credit bureau;
  • Public institution;
  • A person who processes personal data on a large scale (at least 3% of the population of Georgia) or carries out systematic and large-scale monitoring of their behavior. 

In addition, controllers/processors have the right, at their discretion, to appoint or designate a DPO. 

Who can be a DPO? The function of the DPO may be performed by an employee of the controller or processor, or by other person(s) based on the service contract. The DPO must have appropriate knowledge in the field of data protection. 

It should be taken into account that the circle of controllers and processors, who do not have the obligation to appoint or define a DPO, is determined by the normative act of the director of the President of the personal data protection service.

Tags:
Share

Related posts

go top