Law: Law Of Georgia on Personal Data Protection of June 14, 2023, No 3144 (the Data Protection Act 2023)

Regulator: Personal Data Protection Service (PDPS)

Summary: The Data Protection Act 2023 was adopted on June 14, 2023, and entered into force on June 1, 2024. It is the primary law governing data protection and data processing activities, replacing the Data Protection Act of December 28, 2011 No. 5669. The Data Protection Act 2023 aims to bring Georgian legislation on personal data protection into closer alignment with the GDPR by establishing obligations such as the appointment of a data protection officer and the conducting of a Data Protection Impact Assessment (DPIA), as well as requirements regarding data breach notifications, data subject rights, and international data transfers.

In addition to the Data Protection Act 2023, other normative acts such as the Law of Georgia on State Inspector Service and the Resolution of the Government of Georgia on the Approval of the Regulations on the Activities of the Personal Data Protection Inspector and the Rule of Exercising the Power by Him/Her (only available in Georgian) contribute to the regulatory framework for data protection.

The Personal Data Protection Service (PDPS) is the regulatory authority under the Data Protection Act. The PDPS is fairly active and has issued notable fines in the past and guidance on key privacy topics.